Unlocking Ubuntu with a pin instead of a long password

password gdm login login-screen 19.10

I am trying to set up a pin unlock for my laptop running Ubuntu 19.10. Everything is going very smooth except that I don't know how to do it. I found a page that has the procedure. https://bbs.archlinux.org/viewtopic.php?id=246734

I think this should work but I am very new to Ubuntu/Linux and I am unable to understand the instructions properly.

Can anyone explain me how to do it?

EDIT: I am halfway through the process. Created the the file and installed the package. But don't know what to do with the file. Please Help

Thank You in advance.


Solution 1:

For posterity's sake:

So first:

sudo apt install -y libpam-pwdfile

If you don't have the "mkpasswd" command, then you need to install "whois" first

sudo apt install whois

Then take the username you use to log in, let's say "ben" and do this:

sudo -i

cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL

echo "ben:$(mkpasswd -5)" > /etc/custompinfile

Then you need to edit /etc/pam.d/gdm-password (or other desktop manager or whatever, who cares, you'll figure it out, the thing that manages your logins, mine is gdm-password)

and add this line near the top, the top of my /etc/pam.d/gdm-password looks like this

#%PAM-1.0
auth    sufficient  pam_pwdfile.so pwdfile=/etc/custompinfile

Ue whatever, gedit, nano, vim, but you need sudo privileges to edit it.

Then I saved and quit and logged out and when I logged back in it only required the pin on the lock screen, but it didn't accept the pin when asking for sudo privileges, which is what we wanted, otherwise we would have simply set the password to 1234.

If you mess everything up, you can boot in recovery mode (if you don't have a dual boot with Windows, I think it is something like pressing Shift while it's starting up, then there will be a menu to choose recovery mode, in recovery mode you can simply access the shell as root and revert the /etc/pam.d/gdm-password back to it's original state, if you remember it ;-) That's why it's maybe a good idea to make a backup of the original gdm-password file like cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL

Remember, the /etc/custompinfile can be called anything, but the contents inside need to be in this format: user:hashedpassword And the hashed password is obtained using mkpasswd -5 when you install the whois package and run it.

Solution 2:

First of all, this is a bad thing security wise!

And you are using a Arch Linux instruction on Ubuntu....

The Ubuntu way is:

Step 1

Run update command to update package repositories and get latest package information.

sudo apt-get update -y

Step 2

Run the install command with -y flag to quickly install the packages and dependencies.

sudo apt-get install -y libpam-pwdfile

Ref.: https://zoomadmin.com/HowToInstall/UbuntuPackage/libpam-pwdfile

Related

How to find the installation method for a given command?
ZFS bpool is almost full; how can I free up space so I can keep updating my system without errors?
Is it possible to install python3-pyqt5 > 5.15 on Ubuntu 20.04?
How to install latest ca-certificates on Ubuntu 14 [closed]
Keyboard layout not recognized (Ubuntu 20.04.3 LTS)
How to change eclipse font sizes
Replacing Pulseaudio with Pipewire in Ubuntu 20.04
Raid 10 Performance Issues
Domain anti-theft best-practices
Runing unbound doh behind nginx
Remote machine closes automatically
MS Azure AD connect & Exchange hybrid deployment