My Hardy desktop box has five user accounts, one of which (visitor) has no password. I can confirm that appending the following to /etc/securetty enables visitor to log in via GDM and successfully unlock gnome-screensaver and switch users.
# X displays :0 :0.0 :20 :20.0 :21 :21.0 :22 :22.0 :23 :23.0 :24 :24.0 Do display names in this form always belong to local X servers? If so, including a bunch of them in /etc/securetty is probably the Right Thing. I can also confirm that leaving /etc/securetty unmolested and doing the following instead gets the job done too: $ cd /etc/pam.d $ sudo cp common-auth common-auth-loose $ sudo sed -i s/nullok_secure/nullok/ common-auth-loose $ sudo sed -i s/common-auth/common-auth-loose/ gdm gnome-screensaver Is this all kinds of insecure as it stands, or only if I turn on XDMCP? -- users with no password can't log in with gdm https://bugs.launchpad.net/bugs/104957 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs