I needed to enable automatic passwordless login in my Debian GNU/Linux …
GNOME and GDM desktop environments developed a lot through the last few years, achieving these simple task was doable only through gdm manual configurations. Nowdays creatiion of user to login without any password is easy via easy to use GUI program.
In this article I'll explain, few ways to enable automatic login in GNOMEThe quickest way is to navigate in GNOMEs gnome-control-center -> Login Window submenu
To do so launch gnome-control-center – press (ALT+F2) keys and type in gnome-control-center, or launch via command line in gnome-terminal or xterm:
hipo@debian:~$ gnome-control-center
While inside the control center find en launch the Login Window as in the screenshot below:
Login Window configuration can be also done directly by launching gdmsetup from command line e.g.:
hipo@debian:~$ /usr/sbin/gdmsetup
...
gdmsetup will further pop up a window asking to type in the root password to allow you to customize, how gdm will deal with user logins.
For who might not know gnome well architecture, gdmsetup is part of the gdm (Gnome Display Manager) package and is the default login program used to login the end user in most of the modern Linux based distributions as well as BSDs. gdm logins the users on many of the free software OS desktop environments like GNOME, LXDE, XFCE… Just to name a few of the many Linuces counting on GDM to handle the user logins: Ubuntu, Xubuntu, Fedora, Debian, Linux Mint, OpenSUSE etc.
Once the Login Windows Prefences appears go to the Security tab.
As you can see in the screenshot, what you can do with gdmsetup it is pretty self-explanatory:
The two options of interests for user authorization without pass are:
a. Enable Automatic Login
To enable:- put a tick on Enable Automatic Login
– from user dropdown menu, choose the user which has to be configured
b. Enable Timed Login
Enable Automatic Login lets the user login without any user password input, immediately after the configured username is typed in (if gdm is with type username prompt).
In case where the usernames are represented by Avatars, (like its in most user friendly Linux distributions), once clicked avatar the user is logged in.
When Enable Timed Login is ticked and a username is choosen or typed, instead of immediately logging the user on click or username input, the user logging is delayed with a number of set seconds .
Enabling the Automatic and / or Timed Login is doable also using few simple configurations directives in /etc/gdm/custom.conf. In many distros /etc/gdm/custom.conf will be not existing and hence the file has to be created.
To enable delayed autologin without password for a user using gdm config:
Create the file with a text editor ( vim, joe, nano )whatever your favourity and place inside:
[daemon]
TimedLoginEnable=true
TimedLogin=hipo
TimedLoginDelay=30
The above gdm config vars can also be placed inside /etc/gdm/gdm.conf but for the sake of clarity its better if custom.conf is used.
If you don't want to bother with a text editor copy paste inside any terminal lets say mlterm :
echo '[daemon]' >> /etc/gdm/custom.conf
echo 'TimedLoginEnable=true' >> /etc/gdm/custom.conf
echo 'TimedLogin=hipo' >> /etc/gdm/custom.conf
echo 'TimedLoginDelay=30' >> /etc/gdm/custom.conf
To enable auto-login for a user on a first PC boot in /etc/gdm/custom.conf put:
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=hipo
An auto login can also be done by using the TimedLoginDelay gdm config directive by putting insetad of the previous code a code like:
[daemon]
TimedLoginEnable=true
TimedLogin=hipo
TimedLoginDelay=0
Where hipo is my desired username that will autolog, and as you see the LoginDelay is 0 (e.g. no gdm login delay)
I attempted to also allow autologin for several users with some cinfigurations like:
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=hipo
AutomaticLogin=other-username
as well as configurations like:
[daemon]
TimedLoginEnable=true
TimedLogin=hipo
TimedLogin=other-username
TimedLoginDelay=0
In gdm3, the location of GDM config files should be /etc/gdm3/ directory, anyways the configurations directives should be working just like in gdm2
After any configuration changes to gdm.conf or custom.conf to load the new settings in gdm a gdm daemon restart is necessery with cmd:
root@debian:~# /etc/init.d/gdm restart
...
Note that, weirdly not using the gdm init script and trying to kill -HUP $(pidof gdm) / killall -9 gdm will not make gdm to load its new configurations. So always restart via /etc/init.d/gdm restart after gdm conf change.
Another alternative method to achieve login without a password input is by creating a passwordless user account on the system. This method is not recommended though, especially for machines with real IP addresses visible from the Internet (with lets say enabled) SSHD access.
Using a passwordless system account can expose the system to a severe security risk!!! Anyways, for systems not running telnet/sshd or any other system remote access service creating a user without an empty password might be not such a bad idea.
To make a user auto login without any password input /etc/shadow file (storing all user account information) needs an edit.
This is an example user entry taken from /etc/shadow:
test:$6$OPdvXArZ$ktujC6bBh9JNaCz8E9v61yNeWcJHqQiuNk8eBzevcwcIl8KFvQzJ6aBCvVpIs0Lf5MAbHjjqftUeN9crWUfxs.:15275:0:99999:7:::Now to make the test user login directly without any pass input, one can just remove his encrypted password string. After the change the user line in /etc/shadow, should be:
test::15275:0:99999:7:::
If the user is created just from scratch e.g. (a new user) that needs to login passwordless in GDM, create it without password:
root@debian:~# adduser -d newusername
To sum it up the good thing about the remove password hash method to auto login a user is that it will allow user or users login across all Display Managers (not only GDM specific).
The bad side is it is very insecure and therefore in most times a really bad practice.
I guess the described ways to login without password in Gdm on FreeBSD should similar, unfortunately right now I have not access to BSD running desktop to test it. If someone has tested it and can confirm it works it will be great to drop a comment.