Project

General

Profile

Feature #5589

Feature #5684: Screen locker

Have a password-less amnesia account by default

Added by Tails over 6 years ago. Updated over 4 years ago.

Status:
Duplicate
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

Care must be taken so that a user cannot mistakenly click a "Lock the screen" button while they have not chosen a password. Here's some ideas:

Password-less amnesia account

Make the amnesia account password-less by default, and have the "Lock screen" feature do something non-dumb in this situation. This has been tested to work well; when no password is set, locking the screen just starts the screensaver with no lock.

Issues

However, making the amnesia account password-less overrides Tails Greeter. TG can be seen for a split second when X starts and then GNOME starts.

This seems to be PAM-related. It has been tried to disable "nullok_secure" for pam_unix.so ("traditional password authentication"), which means that empty passwords are ok when used on secure tty's. That prevents gdm from skipping Tails Greeter and go directly to GNOME, but then X aborts with PAM errors when clicking "Login" in Tails Greeter. We should research if we can solve this with PAM in some nice way.

An alternative would be to not make the default user password-less by default and instead have Tails Greeter do it in case an administrative password isn't set. This would work as expected, and can easily be simulated by setting a root password (using rootpw= on the kernel cmdline) and switching out to a console and running passwd -d amnesia right before clicking "Login" in Tails Greeter.

However, if X restarts after the amnesia user's password has been deleted (so we didn't set an administrative password), we'd be back in the same situation; Tails Greeter would be skipped, and any options (e.g. locale) selected in it the previous time wouldn't be selected this time. OTOH I suppose we assume X restarts won't happen, so it's not a big issue.


Related issues

Duplicates Tails - Feature #8383: Research technical possibilities to implement a password prompt for screen locking Resolved 12/03/2014

History

#1 Updated by Tails over 6 years ago

  • Parent task set to #5684

#2 Updated by intrigeri over 6 years ago

  • Priority changed from Normal to Elevated

#3 Updated by BitingBird over 5 years ago

  • Subject changed from have a password-less amnesia account by default to Have a password-less amnesia account by default
  • Starter set to No

#4 Updated by intrigeri about 5 years ago

  • Related to Feature #8383: Research technical possibilities to implement a password prompt for screen locking added

#5 Updated by BitingBird over 4 years ago

  • Related to deleted (Feature #8383: Research technical possibilities to implement a password prompt for screen locking)

#6 Updated by BitingBird over 4 years ago

  • Status changed from Confirmed to Duplicate

#7 Updated by BitingBird over 4 years ago

  • Duplicates Feature #8383: Research technical possibilities to implement a password prompt for screen locking added

Also available in: Atom PDF