6.11 Remove Autologin Capabilities from the GNOME desktop - pam.conf

Information

The GNOME Display Manager is used for login session management. See the manual page
gdm(1) for more information. By default, GNOME automatic login is defined in pam.conf(4)
to allow users to access the system without a password.

Because automatic logins are a known security risk on anything other than 'kiosk' types of systems,
GNOME automatic login should be disabled in pam.conf(4).

Solution

Comment out or remove all gdm-autologin lines from /etc/pam.conf:

#gdm-autologin auth required pam_unix_cred.so.1
#gdm-autologin auth sufficient pam_allow.so.1
#gdm-autologin account sufficient pam_allow.so.1

Comment out or remove all lines from /etc/pam.d/gdm-autologin:

#auth required pam_unix_cred.so.1
#auth sufficient pam_allow.so.1
#account sufficient pam_allow.so.1
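
One way to verify the result, as an added example that is not part of the benchmark text: a shell function that lists any gdm-autologin rule still active in either file. The function name active_autologin_lines and the sample file contents are constructed for illustration; on a real system pass /etc/pam.conf and /etc/pam.d/gdm-autologin as the two arguments.

```shell
#!/bin/sh
# Added example: report active (uncommented) gdm-autologin PAM rules.
# Usage: active_autologin_lines PAM_CONF PAM_D_FILE
# Prints each offending line as "file: line"; returns 1 if any exist, else 0.
active_autologin_lines() {
    pam_conf=$1
    pam_d_file=$2
    hits=""
    if [ -f "$pam_conf" ]; then
        # pam.conf format: field 1 is the service name, so a commented
        # line has "#gdm-autologin" (or "#") as field 1 and is skipped.
        hits=$(awk '$1 == "gdm-autologin" { print FILENAME ": " $0 }' "$pam_conf")
    fi
    if [ -f "$pam_d_file" ]; then
        # pam.d format: the file name is the service, so every line that
        # is neither blank nor a comment is an active rule.
        more=$(awk 'NF > 0 && $1 !~ /^#/ { print FILENAME ": " $0 }' "$pam_d_file")
        if [ -n "$more" ]; then
            hits="${hits:+$hits
}$more"
        fi
    fi
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample input (not taken from a real system): one rule in
# pam.conf was left active, the pam.d file is fully commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pam.conf" <<'EOF'
login auth required pam_unix_auth.so.1
#gdm-autologin auth required pam_unix_cred.so.1
gdm-autologin auth sufficient pam_allow.so.1
EOF
cat > "$demo_dir/gdm-autologin" <<'EOF'
#auth required pam_unix_cred.so.1
#auth sufficient pam_allow.so.1
#account sufficient pam_allow.so.1
EOF

if active_autologin_lines "$demo_dir/pam.conf" "$demo_dir/gdm-autologin"; then
    echo "PASS: no active gdm-autologin rules"
else
    echo "FAIL: active gdm-autologin rules found (listed above)"
fi
rm -rf "$demo_dir"
```

A missing file counts as compliant for that file, which matches the "comment out or remove" wording of the solution.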

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-14a.

Plugin: Unix

Control ID: df5af26bbabf4ea0bd25fc2e6eb0e2205a2e64c37e007a219388333e4c8aae6f