Unlocking Ubuntu with a pin instead of a long password
I am trying to set up a pin unlock for my laptop running Ubuntu 19.10. Everything is going very smooth except that I don't know how to do it. I found a page that has the procedure. https://bbs.archlinux.org/viewtopic.php?id=246734
I think this should work but I am very new to Ubuntu/Linux and I am unable to understand the instructions properly.
Can anyone explain me how to do it?
EDIT: I am halfway through the process. Created the the file and installed the package. But don't know what to do with the file. Please Help
Thank You in advance.
Solution 1:
For posterity's sake:
So first:
sudo apt install -y libpam-pwdfile
If you don't have the "mkpasswd" command, then you need to install "whois" first
sudo apt install whois
Then take the username you use to log in, let's say "ben" and do this:
sudo -i
cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL
echo "ben:$(mkpasswd -5)" > /etc/custompinfile
Then you need to edit /etc/pam.d/gdm-password (or other desktop manager or whatever, who cares, you'll figure it out, the thing that manages your logins, mine is gdm-password)
and add this line near the top, the top of my /etc/pam.d/gdm-password looks like this
#%PAM-1.0
auth sufficient pam_pwdfile.so pwdfile=/etc/custompinfile
Ue whatever, gedit, nano, vim, but you need sudo privileges to edit it.
Then I saved and quit and logged out and when I logged back in it only required the pin on the lock screen, but it didn't accept the pin when asking for sudo privileges, which is what we wanted, otherwise we would have simply set the password to 1234.
If you mess everything up, you can boot in recovery mode (if you don't have a dual boot with Windows, I think it is something like pressing Shift while it's starting up, then there will be a menu to choose recovery mode, in recovery mode you can simply access the shell as root and revert the /etc/pam.d/gdm-password back to it's original state, if you remember it ;-) That's why it's maybe a good idea to make a backup of the original gdm-password file like cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL
Remember, the /etc/custompinfile can be called anything, but the contents inside need to be in this format: user:hashedpassword And the hashed password is obtained using mkpasswd -5 when you install the whois package and run it.
Solution 2:
First of all, this is a bad thing security wise!
And you are using a Arch Linux instruction on Ubuntu....
The Ubuntu way is:
Step 1
Run update command to update package repositories and get latest package information.
sudo apt-get update -y
Step 2
Run the install command with -y flag to quickly install the packages and dependencies.
sudo apt-get install -y libpam-pwdfile
Ref.: https://zoomadmin.com/HowToInstall/UbuntuPackage/libpam-pwdfile