GDM autologin when USB stick present, else not

Today I figured it would be a nice idea to increase bootup speed by doing autologin with GDM, which is nothing spectacular, you can just do it.
BUT: What if this machine is used by others from time to time and you don't want someone else to boot the machine and be logged in with your account?
What I find on the net are solutions on how to use pam_usb to save you from entering your password while your USB stick is plugged in. But in my case, for the initial boot of the machine I'm working with, I'd even like to not be asked for my username - but of course only if my USB stick is present.

How to do this is straightforward:
  1. Install and configure pam_usb
  2. Set up your USB stick for authentication
  3. Set the GDM autologin feature to use your username
  4. Modify pam for gdm-autologin to "look for" your USB stick
This results in getting an error and being prompted with username/password dialog of GDM in case your USB stick is not present, but when it is, you're logged in automatically.

Following the quickstart guide on
# apt-get install libpam-usb pamusb-tools
# pamusb-conf --add-device MyDevice
# pamusb-conf --add-user john

Now, to use pam_usb as a "common" access module, follow the quickstart guide. In our case, this would be optional. If you still need this feature, add
auth    sufficient
auth    required nullok_secure
in /etc/pam.d/common-auth.

For what is intended here, it suffices to replace
auth    required
auth    sufficient
in /etc/pam.d/gdm-autologin

Which does exactly what we want to achieve: replacing the "always permit" module by the pam_usb module.

Finally, don't forget to actually enable autologin and you're done!

So my day in the office now begins like this: Enter office, switch on my workstation, insert usb stick during boot, grab some (free) coffee, return and I'm welcomed by the desktop instead of the login prompt!

EDIT: If your stick can not be mounted after reboot by pmount (pmount -d /dev/sdxn) or you get an error "device not removable" issuing pamusb-check --debug then you can add your device to /etc/pamusb.

This page is powered by Blogger. Isn't yours?