We have Omarine with SELinux in enforcing mode. This is a favorable condition for us to allow a user to login without entering a password. That user is only allowed to login in enforcing mode, otherwise, is denied to login in the permissive mode. Therefore this feature is only available in an SELinux system that operates in enforcing mode like Omarine. This is understandable because enforcing mode is more secure to apply such a feature.
This feature is not of SELinux itself but of the Linux-PAM package that has SELinux awareness. This is done by the PAM module
To allow a user to login via gdm without entering a password, add the following rule at the beginning of the
/etc/pam.d/gdm-password PAM service file:
auth [success=done ignore=ignore default=bad] pam_sepermit.so
Then add the username to the configuration file
/etc/security/sepermit.conf. You can select an existing user or create an additional user account, such as guest by running this command, as the
useradd -m -G users,video guest
Below is an example of adding the guest username to the configuration file (as the
echo guest >> /etc/security/sepermit.conf
Share on Twitter
Share on Facebook
Share on Linked In
Can't see mail in Inbox? Check your Spam folder.