GDM autologin when USB stick present, else not

Today I figured it would be a nice idea to increase bootup speed by doing autologin with GDM, which is nothing spectacular, you can just do it.
BUT: What if this machine is used by others from time to time and you don't want someone else to boot the machine and be logged in with your account?
What I find on the net are solutions on how to use pam_usb to save you from entering your password while your USB stick is plugged in. But in my case, for the initial boot of the machine I'm working with, I'd even like to not be asked for my username - but of course only if my USB stick is present.

How to do this is straightforward:
  1. Install and configure pam_usb
  2. Set up your USB stick for authentication
  3. Set the GDM autologin feature to use your username
  4. Modify pam for gdm-autologin to "look for" your USB stick
This results in getting an error and being prompted with username/password dialog of GDM in case your USB stick is not present, but when it is, you're logged in automatically.

Following the quickstart guide on pamusb.org:
# apt-get install libpam-usb pamusb-tools
# pamusb-conf --add-device MyDevice
# pamusb-conf --add-user john

Now, to use pam_usb as a "common" access module, follow the quickstart guide. In our case, this would be optional. If you still need this feature, add
auth    sufficient      pam_usb.so
above
auth    required        pam_unix.so nullok_secure
in /etc/pam.d/common-auth.

For what is intended here, it suffices to replace
auth    required        pam_permit.so
with
auth    sufficient      pam_usb.so
in /etc/pam.d/gdm-autologin

Which does exactly what we want to achieve: replacing the "always permit" module by the pam_usb module.

Finally, don't forget to actually enable autologin and you're done!

So my day in the office now begins like this: Enter office, switch on my workstation, insert usb stick during boot, grab some (free) coffee, return and I'm welcomed by the desktop instead of the login prompt!

EDIT: If your stick can not be mounted after reboot by pmount (pmount -d /dev/sdxn) or you get an error "device not removable" issuing pamusb-check --debug then you can add your device to /etc/pamusb.

Comments:
I have not succeeded to auto-login when my usb key is plugged in because it is not mounted after reboot. Does your usb key get mounted after reboot?
 
I think it is not a problem when the stick is not mounted. pam_usb should work when the stick is present and not necessarily mounted.

Unfortunately, I am currently unable to achieve what I wrote in my initial post with Ubuntu Intrepid (8.10). Did someone try this with Intrepid, yet?
 
The problem is related to this bug:
https://bugs.launchpad.net/ubuntu/+source/pmount/+bug/296164

I checked what pamusb-check --debug actually does and it calls pmount. pmount complains that the stick (in my case /dev/sdc1) is not removable, although in sysfs it is flagged as removable (/sys/block/sdc/removable).

In the above link, the error will not be resolved since libsysfs is deprecated.

To work around this, add your stick device to /etc/pmount.allow
 
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?