Thursday, May 26, 2011

Ubuntu without password requests

When I bought a computer for my son a few years ago, it came with XP preloaded. It was a refurbished computer from a local store, and they do a good job of putting together a cheap, basic system. At the time, I contemplated wiping the disk and putting Linux on it instead, but since it was already working and ready to use I decided to leave it as-is. The guys at the store had put Firefox and OpenOffice on it, so why mess with it?

XP has issues connecting to a WPA2 wifi router (it is something with DHCP, so if you give it a static IP address it usually works). And there is no security at all--I am fine with my son logging in without a password, but I can't lock down anything else on it. Upgrading to Windows 7 would cost more than the computer, and would probably run at a crawl. So I left it with XP, warts and all.

Something has died inside the computer recently, and since it won't complete booting from disk, CD, or USB, I decided to declare it a goner. I had another unused basic computer that had a fresh install of XP on it, but this time I wiped it out and put the latest version of Ubuntu on it. I have been using Linux on my laptop for the last two years (mostly Ubuntu, though I did switch to OpenSUSE for a while), and it really is a much smoother experience. On my laptop, which is much more current, I had to do a little work tweaking the sound, but on a slightly older desktop computer like this one everything usually runs perfectly. This is a big event because instead of just using Linux for myself and reveling in how good it is, I am forcing it on my progeny.

In any case, and to the point of this posting, I set the computer up so he would not need to log in (Ubuntu lets you choose a user that will be logged in automatically after a specified period of time such as 10 seconds). The computer now fires up and heads straight into Ubuntu logged in with his user.

All that went perfectly except for connecting to wifi (it's a desktop, but it has a USB wifi dongle sticking out the back). Ubuntu stores the wifi access password in the user's keyring so that every time it connects to that wifi network it can look up the password from the encrypted storage and fire it off to the access point.

But when the user logs in automatically, they don't enter a password and the keyring is never unlocked and so when it tries to connect to the network it requests a password. I did some googling and found that the solution was related to the cryptic Available to all users checkbox in the network manager, but I had to do the following to actually make it work:

  • After booting, when the network tries to connect and requests a password, hit cancel. (It may ask several times. Always hit cancel.)
  • Click the network manager icon and select Edit Connections
  • Go to the Wireless tab and choose your connection, then click Edit
  • Go to the Wireless Security tab and enter the password for the wifi connection
  • Click the Available to all users checkbox at the bottom of the dialog. (You should be asked for your administrator login to verify. If asked for a keyring password to unlock it, hit cancel every time.)
  • Click all the OK buttons and reboot.

The key to this is that you never unlock the keyring, and you provide the administrator password when asked. After rebooting, the user should be able to log in and get the wifi connection automatically.

I considered some other solutions such as removing the password from the keyring or running a hard line to the computer and letting it use a wired connection. This solution is a slight security breach, but someone would need physical access to the computer to dig out the wifi password, and if they have that then they also have physical access to the router and to all the other computers on the network. So no biggie--when he gets older he will want a password and we can lock his system down properly. And I may even tell him what I can see on his password-protected computer using sudo and su before he heads off to college...

Submitted by richard on Thu, 05/26/2011 - 13:52

No comments:

Post a Comment