| Stephen Gran on 19 Aug 2005 16:24:25 -0000 |
|
On Fri, Aug 19, 2005 at 11:48:24AM -0400, Eric said:
> When the users log on they are sent directly to the
> application menu (via .login script for csh).
>
> Yes, they can interrupt the script (ctrl-c) but they
> don't know it and even if they did they don't know
> what to do with a shell prompt.
>
> Most users connect via "hard line" - serial connected
> terminal.
>
> The few remaining users connect via telnet from the
> internal network.
>
> So, we're really talking about login not requiring
> a password for _some_ user accounts.
So, for login and telnet, you add to /etc/pam.d/{login,telnet} (as first
line):
auth sufficient pam_listfile.so \
file=/etc/nopasswordusers sense=allow onerr=fail item=user
This allows passwordless access to a pam using service, and allows you
to keep a password on the account for all other services. I use this
for gdm on my desktop, as I find it tedious to type my password for a
service that is unreachable from the network.
Also, this allows you to use a different list of users for different
services if you like, giving you some granularity.
HTH,
--
--------------------------------------------------------------------------
| Stephen Gran | Spiritual leadership should remain |
| steve@lobefin.net | spiritual leadership and the temporal |
| http://www.lobefin.net/~steve | power should not become too important |
| | in any church. - Eleanor Roosevelt |
--------------------------------------------------------------------------
Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|