On some Fedora 8 machines for which I need automatic login I enable automatic it by editing /etc/gdm/custom.conf and setting >

[daemon]
AutomaticLoginEnable=true
AutomaticLogin=account to be login as

However this isn't working for me on the Fedora 9 beta.

Is there another way this is meant to work in Fedora 9, or is this a bug?

You "need" automatic login ?

Automatic login is strongly warned against on the screen where it is unfortunately made available. The primary purpose of it is to enable computing for the disabled. When people used to the standard security compromise of Windows attempt to use Linux in the same way they have the general effect of destroying the reputation of Linux as a more secure operating system. Therefore I do not help them do it. But if there really is a legitimate need for it, besides the possibility of some one conditioned by Windows to be too lazy to be secure, then I will endeavor to help you.

techmum,
How about `gdmsetup', does it work? perhaps config file structure was changed...

On some Fedora 8 machines for which I need automatic login I enable automatic it by editing /etc/gdm/custom.conf and setting >

[daemon]
AutomaticLoginEnable=true
AutomaticLogin=account to be login as

However this isn't working for me on the Fedora 9 beta.

Is there another way this is meant to work in Fedora 9, or is this a bug?

GDM has been rewritten and doesn't have this option in the current release. However you can use timed login and set the seconds to zero and you would get the same effect. Refer

http://live.gnome.org/GDM/2.22/Configuration

You "need" automatic login ?

Automatic login is strongly warned against on the screen where it is unfortunately made available. The primary purpose of it is to enable computing for the disabled. When people used to the standard security compromise of Windows attempt to use Linux in the same way they have the general effect of destroying the reputation of Linux as a more secure operating system. Therefore I do not help them do it. But if there really is a legitimate need for it, besides the possibility of some one conditioned by Windows to be too lazy to be secure, then I will endeavor to help you.

Hey OralDeckard,
I know I'm new here, but talking to people in this way acomplishes nothing. I can think of a dozen legitmate reasons why automatic login is a _good_ thing. When you consider the fact they already have physical access to the machine, it's really not that unreasonable of a request.

So please, get off your high horse. If anyone is hurting the reputation of linux, it would be you.

Respectfully yours,
Eric.

However you can use timed login and set the seconds to zero and you would get the same effect.

Fabulous.

That worked. Thanks Rahul.

Here I stand, holding my guts in my hands. I guess you told me off.

For the benefit of anyone finding this thread and seriously wanting information, you should not leave here assuming that a password only protects you from unauthorized login at the keyboard. The warnings in Fedora 8 about the dangers of automatic login, and possibly the reason for removal of easy access to it in F9, are because still waters run deep and you should look very seriously before you take such a leap.

Consider what you see when you use Windows to browse another computer in your Network neighborhood. You find computers where you have not made any shares, and all you see is a printer or two.

Now take a look at the same computer with Linux. You see C$ D$ E$ etc. These are "Administrative Shares." If you remove them, the spring back the next time you reboot. They can be neutralized, but usually are not.

The way many people use there Windows is the way it arrived, running in Administrator, with no password, kind of like Automatic Login.

So when you double click C$ in Linux, if there is an Administrative password you will get a dialog where you can enter the username and password. If you know them, you get in, with full administrative privileges.

But if it has no password, like Automatic Login ? Well, gee, in you go, no matter who you are. Physical access is controlled with a double padlock, yet here your are, browsing through everything, with Read/Write power over all files.

Have you ever wondered why we run Linux in a restricted user account, not the root account right there, and enter a strong password every time we need to do something as root ?

If you leave here thinking that control over physical access makes automatic login harmless, then why not have automatic login to root ?

The reason we run in a user account is that good practice is to accept the possibility that you may be compromised, either by the network or the internet, and the interloper will have whatever privileges you do. The compromise does not come from physical access, but by the network, where access is controlled by a password.

The sad fact is that many people are indeed conditioned by Windows to not use even the most rudimentary security practice, the password. If there really is a real reason that you must have automatic login, that need is greater than your need for network access. If you eliminate internet access and your machine can access another networked machine that still has internet access, an interloper in that machine's user account may find a powerful weapon in your machine that he can use to attack other networked machines.

Anyone can change the root password on your Linux machine if they have physical access. But you will note that it is considered safe because they are in Run Level 2. That is, they have no network access.

If you are new to Linux, please consider that there is a reason Linux is more secure. And if you opt for automatic login, it will not be.

automatic login is a MUST HAVE for mythtv setups without a keyboard and mouse, you want to be able to actually use the machine as a DVR box without juggling keyboards around and logging

just my two cents :)

OralDeckard, I think you're overestimating the strength of the password here. It's like getting a 4 foot thick vault door, but still having windows.

How long do you think if I had physical access to your machine, your password would stand? The first thing I'd do is on the grub screen (the key is like 'a' or something?) force your computer to boot up into single-user mode. (have you locked that down?) From there, I can reset any password I like (including roots).

If that was locked down, I'd just boot off a USB/CD with a live install. Have you locked down your bios too? What if I flash it? If so, what if I take out your hdd, plug it into my computer and replace your password hashes?

Really, the rule is - if someone has physical access to your computer they've got total access. Although, admittedly if you have an encrypted drive, this can changes the game.

Plus - there's heaps of good reasons to have automatic login. Two personally at my home is: 1 my laptop is very old (about 7 years) so I use it as a dumb terminal to login to my main PC (which acts as a server). What do I need a password on a dumb terminal, exactly?!

And the other reason, is my VM images. Why exactly do I need or even want a password for them? The only thing that keeps me using linux, day after day is its flexibility. The day you tried to take that away from me, I'd go somewhere else (bsd?, minix? or god forbid windows?)

One size doesn't fit all. And not everyone has to worry about his brother and sister trying to get access to the computer :P

OralDeckerd

Note that automatic Login does not require the login account to have a blank password. It works fine even if the account has a complex passphrase. Hence, you can rest easy that network access to the box remains as tough as the passphrase/password that is used for the account.

I might add that I agree 100% with your concerns about network access, and would never advocate using an account without a password.

Hence, a blank password is not required for automatic login to work. For precisely the reasons you have outlined, accounts with blank passwords are dangerous. Also I cannot think of ANY situation where they are required since for public kiosks or other similar applications, automatic login works perfectly for accounts with a password.

Heh... I usually set-up my machine up so that only wheel users can issue an su or sudo command.

Just to add my experiences, so far, the autologin is a must for me, the power goes off from time to time here and my comp is set to restart when the power resumes and i need autologin to start so my server starts back up etc.... again, anyway for whatever reason, i found editing /etc/gdm/custom.conf was a bad ideal, this is what i did instead.
http://dnmouse.webs.com/autologin.html
This (above)is what i did, i do not recommend it, or want to start a arguments over security etc, this is just to share what i did. :)

Thank you techmum. I knew automatic login could not wait for a password. To me that meant it was going to run without a password. But if it can boot up into a password protected account without asking for it at boot time, and still leave network access facing a password challenge, then this is great. You have just given me a new power. Thank you.

Of course I never was concerned about this with physical access to the computer. But with network access still password protected this is great. Thank you.

It's easy to set up in /etc/gdm/custom.conf

[daemon]
# http://live.gnome.org/GDM/2.22/Configuration
TimedLoginEnable=true
TimedLogin=yourusername
TimedLoginDelay=0

Dangermouse, Thank you for a very clear and effective explanation of how you did your autologin.