Bug ID 1219767
Summary nullok option of pam_unix doesn't work as expected when logging in via a tty with an empty password
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter fbui@suse.com
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker --- 

To allow a user to log in with an empty password, the option "nullok" of
pam_unix is added in /etc/pam.d/common-auth:

auth    required        pam_env.so      
auth    optional        pam_gnome_keyring.so
auth    required        pam_unix.so     try_first_pass nullok
auth    required        pam_ecryptfs.so unwrap

But when trying to log in via tty1 with user "foo" who has an empty password,
login still prompts for a password.

It appears that pam_gnome_keyring is interfering in the process of
authentication cancelling the effect of nullok. Indeed after commenting the
line with pam_gnome_keyring.so, the login process works as expect and there's
no more password prompt.

Please note that in this scenario gnome/gdm is not involved at all (the system
was booted with multi-user.target target)so I don't really see why
pam_gnome_keyring interferes here.

You are receiving this mail because: