Monday, November 06, 2017

How to set a PIN password or a short password in Ubuntu Linux

If you are looking for a way to a PIN password or a short password in Ubuntu Linux, similar to Windows 10, you've come to the right place.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.

Installing pam_pwdfile.so

First of all, make sure you have installed the libpam-pwdfile package:
sudo apt-get install libpam-pwdfile

Creating the user/password file

You will be prompted to enter a new PIN password.
Your password will be encrypted and saved to a file named "passwd.like"


pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like


You will see the encrypted pin password echoed in the terminal. This password will be written to the /etc/passwd.like file.

Alternatively, you may use:
openssl passwd -1 yourpinpasswordhere


Setting up the desktop login service

The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm .

Take a look at the file:

cat /etc/pam.d/lightdm

If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.

It could be useful if you also create a backup:

sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup

Now, you may edit the file using nano or gedit or any other  text editor:
sudo gedit /etc/pam.d/lightdm

At the top of the file mine had:



#%PAM-1.0
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth

I have modified it like so:




#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#
@include common-auth

Save the file and close your text editor.

Log out and log back in.

You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.

Sources:
This is a modified guide based on a pam pwdfile guide for vsftpd at: http://www.rollnorocks.com/2015/11/authenticating-vsftpd-virtual-users-with-pam_pwdfile-so/