Unlocking Ubuntu with a pin instead of a long password
Solution 1
For posterity's sake:
So first:
sudo apt install -y libpam-pwdfile
If you don't have the "mkpasswd" command, then you need to install "whois" first
sudo apt install whois
Then take the username you use to log in, let's say "ben" and do this:
sudo -i
cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL
echo "ben:$(mkpasswd -5)" > /etc/custompinfile
chmod 400 /etc/custompinfile
Then you need to edit /etc/pam.d/gdm-password (or other desktop manager or whatever, who cares, you'll figure it out, the thing that manages your logins, mine is gdm-password)
and add this line near the top, the top of my /etc/pam.d/gdm-password looks like this
#%PAM-1.0
auth sufficient pam_pwdfile.so pwdfile=/etc/custompinfile
Ue whatever, gedit, nano, vim, but you need sudo privileges to edit it.
Then I saved and quit and logged out and when I logged back in it only required the pin on the lock screen, but it didn't accept the pin when asking for sudo privileges, which is what we wanted, otherwise we would have simply set the password to 1234.
If you mess everything up, you can boot in recovery mode (if you don't have a dual boot with Windows, I think it is something like pressing Shift while it's starting up, then there will be a menu to choose recovery mode, in recovery mode you can simply access the shell as root and revert the /etc/pam.d/gdm-password back to it's original state, if you remember it ;-) That's why it's maybe a good idea to make a backup of the original gdm-password file like cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL
Remember, the /etc/custompinfile can be called anything, but the contents inside need to be in this format: user:hashedpassword And the hashed password is obtained using mkpasswd -5 when you install the whois package and run it.
Solution 2
First of all, this is a bad thing security wise!
And you are using a Arch Linux instruction on Ubuntu....
The Ubuntu way is:
Step 1
Run update command to update package repositories and get latest package information.
sudo apt-get update -y
Step 2
Run the install command with -y flag to quickly install the packages and dependencies.
sudo apt-get install -y libpam-pwdfile
Ref.: https://zoomadmin.com/HowToInstall/UbuntuPackage/libpam-pwdfile
Related videos on Youtube
Kshitij Radotra
Updated on September 18, 2022Comments
-
Kshitij Radotra over 1 year
I am trying to set up a pin unlock for my laptop running Ubuntu 19.10. Everything is going very smooth except that I don't know how to do it. I found a page that has the procedure. https://bbs.archlinux.org/viewtopic.php?id=246734
I think this should work but I am very new to Ubuntu/Linux and I am unable to understand the instructions properly.
Can anyone explain me how to do it?
EDIT: I am halfway through the process. Created the the file and installed the package. But don't know what to do with the file. Please Help
Thank You in advance.
-
Kshitij Radotra about 4 yearsCan you explain how to create the password file to unlock via pin?
-
Mats Karlsson about 4 yearsThat info is available already in the link in your question
-
Kshitij Radotra about 4 yearsSorry but i'm fairly new to ubuntu/linux and i am unable to understand that very well. Can you elaborate the process of creating the file a little bit more. It would be very helpful.
-
Kshitij Radotra about 4 yearsOk so i was able to generate the file but the next part (what i have to do with the file) is where i am confused.
-
Mats Karlsson about 4 yearsWell you got an answer, but didnt vote for it...
-
MatsK about 4 yearsCheck out this answer askubuntu.com/questions/180402/…
-
Kshitij Radotra about 4 yearsUnfortunately the link you shared is for LightDM. Ubuntu 19.10 uses GDM by default.
-
Mats Karlsson about 4 yearsIt answer your question "Can you elaborate the process of creating the file a little bit more", It clearly explains the file syntax!
-
Shadi Namrouti over 3 years@MatsKarlsson when I have 125 reputations, I will down vote your answer for being unclear to newbies.
-
Mats Karlsson over 3 years@ShadiNamrouti You are welcome to do that if you think that will gain you.
-
miigotu about 3 yearsIf someone did want to use the pin authentication for sudo, they could add the same line
auth sufficient pam_pwdfile.so pwdfile=/etc/custompinfile
to the top of/etc/pam.d/sudo