autologon_unix.dita@ 105134

Last change on this file since 105134 was 105134, checked in by vboxsync, 11 months ago

Docs: bugref:10705. This is a merge commit to introduce doc team's changes in the user manual dita files. The following files
are excluded from this process:

Files whose names satrt with "viso", "vboxmanage", "man_", "vboximg", "vboxheadless", or "user_isomakercmd-man".

And general notes about this merge are as follows:

For now I leave glossentry-*dita file as they are since we use different enclosing dita elements
in hdimagewrites.dita we have <note type="attention"> while doc team's copy has <note type="caution">. Not sure if this is significant.

For now I copy doc team's version over.

I have not modified our UserManual.ditamap file. This will be done in a follow up commit.

The list of commits we have merged are as follows:

r3392: 7.1 new features; add comments to some DITA topics
r3730: VBP-283: Update supported platforms; 7.0 and 7.1
r3980: 7.1: reset menu option; add note
r3992: ARM hosts; add draft topic on limitations; add container topic for ARM-based subtopics
r3993: ARM create new VM wizard: add some dummy topics
r4014: ER 34784410 DOCUMENT THE VIRTUAL MACHINE TASKBAR ICONS: port topic and icon graphics from 7.0 tree
r4026: VBP-378: status bar icons; remove any mention of task bar; ported from 7.0
r4034: Cloning a cloud VM; add draft topic
r4035: Cloning a cloud VM;typo
r4036: Cloning a cloud VM;add xref from intro topic
r4050: Reset operation; add instructions
r4051: Amend comment
r4052: Ditaval markup for images
r4056: Add ditaval markup for images
r4057: Add ditaval markup for images
r4058: Add ditaval markup for images
r4073: UI experience level: add dummy topic
r4075: Subtype: option for VM settings General tab and Create VM wizard
r4094: Cloud VM reset; add to relnotes
r4095: Reset VM; use main Machine menu, rather than right-click menu
r4099: ARM hosts; draft revisions to cover different wizard screens
r4134: Cloud VMs: file manager menu option; add comment
r4214: Settings page, Motherboard tab: Chipset option for Arm VMs; add note
r4306: Terminology checker: clear up Errors; Installation chapter
r4307: Terminology checker: clear up Errors; Config settings/GA chapters
r4308: Terminology checker: clear up Errors; Storage, networking, remote VM chapters
r4311: Terminology checker: clear up Errors: various
r4324: Prefences and settings; potential areas for change in 7.1
r4356: r160214: Monitoring cloud VM performance; add new topic
r4358: r160214: Monitoring cloud VM performance; add new topic
r4364: r160214: Monitoring cloud VM performance; redraft topic
r4374: Experience levels; update user manual topic
r4377: Experience levels; Preferences window: add note re. availability of all possible settings
r4378: Experience levels; Preferences window: add note re. availability of all possible settingsLp
r4379: Typos and add remark re. Global menu changes
r4387: Preferences, Display: some settings introduced post-7.0: font scaling and extended features
r4388: Performance monitoring: add cloud VM instances to intro para
r4389: Experience levels: selecting a level, add graphic of icon
r4391: Resource monitoring; add CLI example to show CPU usage for a cloud instance
r4395: Experience levels; apply to menu items only
r4398: Experience levels; add notes
r4401: Experience levels; remove pics of global tools menu/machine tools menu; number of menu items can vary
r4402: Experience levels; remove image files for global tools menu/machine tools menu
r4525: Experience levels: minor redraft
r4528: Typo
r4538: Experience levels: selected level applies throughout VirtualBox Manager GUI
r4543: GUI topics; add notes for required changes
r4544: VISO Creator changes
r4563: r160714: unattended guest install example; now has user-password option
r4569: Terminology: front end, not front-end
r4570: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4571: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4623: Cloud VM monitoring: Compute Instance Monitoring plugin must be enabled; add note
r4625: CPU activity icon; update, now has solid bar
r4626: GUI changes; various, from Serkan; includes new pic for soft keyboard
r4629: separate mode: add some draft topics, will need to get technical review at a later stage
r4634: GUI; various notes and updates
r4655: Typo
r4703: Arm host platform limitations; redraft and add topic to host OS section
r4724: VISO creator; add notes re. ISO import
r4725: Separate mode: edits
r4863: r161176; Python 2.x no longer supported for API
r4899: Arm host support: limitations
r4910: Create VM wizard: settings may vary x86 vs. Arm hosts
r4911: Guest OS support; add note re. supported aarch64 OSes
r4973: r161445: Remove mention of parallel port support
r5004: Cloud VM monitoring: detailed data graphs and Activity Overview
r5038: Cloud VM monitoring: export to file
r5214: r161947: Solaris non-Global zone configuration
r5215: r161947: Solaris non-Global zone configuration; typo
r5230: Glossary: fix title for I/O APIC topic
r5341: Experience levels; can be selected from welcome screen in VirtualBox Manager; need replacement pic
r5345: Experience levels; add note on Welcome screen option
r5346: Arm host limitations; unavailable System settings
r5434: r162377: shared folders; symlinks behaviour
r5565: Cloud VM list in VirtualBox Manager; show mixed VM types; screenshot from Klaus
r5627: Obfuscate UUID data in screen shot
r5628: Delete legacy cloudvm pic; use mixed VMs example
r5654: Clean up comments in source files; redraft VM activity section
r5672: 7.1 changes; add comments
r5683: 7.1 changes; add comments for Arm topics
r5687: 7.1 changes; GUI; add comments
r5703: Oracle notices; include up to date versions in preface-* topics for User Guide
r5707: r162904: Windows install directory requirements; redraft
r5781: updated GNU version from 2 to 3 as per r163272
r5812: started removal of screenshots and updating tasks VBP-807
r5818: Further updates to creating a VM VBP-807
r5822: Restructured topics and made task based VBP-807
r5824: Removed files during restructure VBP-807
r5834: Fixed formatting of note and caution VBP-807
r5836: Updated supported host OS list VBP-825
r5837: updated USB topics for VBP-823
r5842: changes as per legal request re supported guests VBP-843
r5853: Updated versions following review. VBP-825

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 8.1 KB

Line
1	<?xml version='1.0' encoding='UTF-8'?>
2	<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
3	<topic xml:lang="en-us" id="autologon_unix">
4	<title>Automated Linux and UNIX Guest Logins</title>
5
6	<body>
7	<p>
8	<ph conkeyref="vbox-conkeyref-phrases/product-name"/> provides a custom PAM module (Pluggable
9	Authentication Module) which can be used to perform automated
10	guest logins on platforms which support this framework.
11	Virtually all modern Linux and UNIX distributions rely on PAM.
12	</p>
13	<p>
14	For automated logins on Ubuntu, or Ubuntu-derived, distributions
15	using LightDM as the display manager. See
16	<xref href="autologon_unix_lightdm.dita#autologon_unix_lightdm"/>.
17	</p>
18	<p>
19	The <filepath>pam_vbox.so</filepath> module itself
20	<i>does not</i> do an actual verification of the
21	credentials passed to the guest OS. Instead it relies on other
22	modules such as <filepath>pam_unix.so</filepath> or
23	<filepath>pam_unix2.so</filepath> down in the PAM stack to do
24	the actual validation using the credentials retrieved by
25	<filepath>pam_vbox.so</filepath>. Therefore
26	<filepath>pam_vbox.so</filepath> has to be on top of the
27	authentication PAM service list.
28	</p>
29	<note>
30	<p>
31	The <filepath>pam_vbox.so</filepath> module only supports the
32	<codeph>auth</codeph> primitive. Other primitives such as
33	<codeph>account</codeph>, <codeph>session</codeph>, or
34	<codeph>password</codeph> are not supported.
35	</p>
36	</note>
37	<p> The <filepath>pam_vbox.so</filepath> module is shipped as part of the Guest Additions but it
38	is not installed or activated on the guest OS by default. In order to install it, it has to be
39	copied from <filepath>/opt/VBoxGuestAdditions-<varname>version</varname>/other/</filepath> to
40	the security modules directory. This is usually <filepath>/lib/security/</filepath> on 32-bit
41	Linux guests or <filepath>/lib64/security/</filepath> on 64-bit Linux guests. Please refer to
42	your guest OS documentation for the correct PAM module directory. </p>
43	<p>
44	For example, to use <filepath>pam_vbox.so</filepath> with a
45	Ubuntu Linux guest OS and the GNOME Desktop Manager (GDM) to log
46	in users automatically with the credentials passed by the host,
47	configure the guest OS as follows:
48	</p>
49	<ol>
50	<li>
51	<p>
52	Copy the <filepath>pam_vbox.so</filepath> module to the
53	security modules directory. In this case,
54	<filepath>/lib/security</filepath>.
55	</p>
56	</li>
57	<li>
58	<p>
59	Edit the PAM configuration file for GDM, found at
60	<filepath>/etc/pam.d/gdm</filepath>. Add the line
61	<codeph>auth requisite pam_vbox.so</codeph> at the top.
62	Additionally, in most Linux distributions there is a file
63	called <filepath>/etc/pam.d/common-auth</filepath>. This
64	file is included in many other services, like the GDM file
65	mentioned above. There you also have to add the line
66	<codeph>auth requisite pam_vbox.so</codeph>.
67	</p>
68	</li>
69	<li>
70	<p> If authentication against the shadow database using <filepath>pam_unix.so</filepath> or
71	<filepath>pam_unix2.so</filepath> is required, the argument
72	<codeph>try_first_pass</codeph> for <filepath>pam_unix.so</filepath> or
73	<codeph>use_first_pass</codeph> for <filepath>pam_unix2.so</filepath> is needed in order
74	to pass the credentials from the <ph conkeyref="vbox-conkeyref-phrases/product-name"/>
75	module to the shadow database authentication module. For Ubuntu, this must be added to
76	<filepath>/etc/pam.d/common-auth</filepath>, to the end of the line referencing
77	<filepath>pam_unix.so</filepath>. This argument tells the PAM module to use credentials
78	already present in the stack, such as the ones provided by the <ph
79	conkeyref="vbox-conkeyref-phrases/product-name"/> PAM module. </p>
80	</li>
81	</ol>
82	<note type="attention">
83	<p>
84	An incorrectly configured PAM stack can effectively prevent
85	you from logging into your guest system.
86	</p>
87	</note>
88	<p>
89	To make deployment easier, you can pass the argument
90	<codeph>debug</codeph> right after the
91	<filepath>pam_vbox.so</filepath> statement. Debug log output
92	will then be recorded using syslog.
93	</p>
94	<note>
95	<p>
96	By default, <userinput>pam_vbox</userinput> does not wait for
97	credentials to arrive from the host. When a login prompt is
98	shown, for example by GDM/KDM or the text console, and
99	<userinput>pam_vbox</userinput> does not yet have credentials it
100	does not wait until they arrive. Instead the next module in
101	the PAM stack, depending on the PAM configuration, will have
102	the chance for authentication.
103	</p>
104	</note>
105	<p><userinput>pam_vbox</userinput> supports various guest property
106	parameters that are located in
107	<filepath>/VirtualBox/GuestAdd/PAM/</filepath>. These parameters
108	allow <userinput>pam_vbox</userinput> to wait for credentials to be
109	provided by the host and optionally can show a message while
110	waiting for those. The following guest properties can be set:
111	</p>
112	<ul>
113	<li>
114	<p><codeph>CredsWait</codeph>: Set to 1 if
115	<userinput>pam_vbox</userinput> should start waiting until
116	credentials arrive from the host. Until then no other
117	authentication methods such as manually logging in will be
118	available. If this property is empty or gets deleted no
119	waiting for credentials will be performed and
120	<userinput>pam_vbox</userinput> will act like before. This
121	property must be set read-only for the guest
122	(<codeph>RDONLYGUEST</codeph>).
123	</p>
124	</li>
125	<li>
126	<p><codeph>CredsWaitAbort</codeph>: Aborts waiting for
127	credentials when set to any value. Can be set from host and
128	the guest.
129	</p>
130	</li>
131	<li>
132	<p><codeph>CredsWaitTimeout</codeph>: Timeout, in seconds, to
133	let <userinput>pam_vbox</userinput> wait for credentials to
134	arrive. When no credentials arrive within this timeout,
135	authentication of <userinput>pam_vbox</userinput> will be set to
136	failed and the next PAM module in chain will be asked. If
137	this property is not specified, set to 0 or an invalid
138	value, an infinite timeout will be used. This property must
139	be set read-only for the guest
140	(<codeph>RDONLYGUEST</codeph>).
141	</p>
142	</li>
143	</ul>
144	<p>
145	To customize <userinput>pam_vbox</userinput> further there are the
146	following guest properties:
147	</p>
148	<ul>
149	<li>
150	<p><codeph>CredsMsgWaiting</codeph>: Custom message showed
151	while pam_vbox is waiting for credentials from the host.
152	This property must be set read-only for the guest
153	(<codeph>RDONLYGUEST</codeph>).
154	</p>
155	</li>
156	<li>
157	<p><codeph>CredsMsgWaitTimeout</codeph>: Custom message
158	showed when waiting for credentials by
159	<userinput>pam_vbox</userinput> has timed out. For example, they
160	did not arrive within time. This property must be set
161	read-only for the guest (<codeph>RDONLYGUEST</codeph>).
162	</p>
163	</li>
164	</ul>
165	<note>
166	<p>
167	If a <userinput>pam_vbox</userinput> guest property does not have
168	the correct flag set (<codeph>RDONLYGUEST</codeph>) the
169	property is ignored and, depending on the property, a default
170	value will be used. This can result in pam_vbox not waiting
171	for credentials. Consult the appropriate syslog file for more
172	information and use the <codeph>debug</codeph> option.
173	</p>
174	</note>
175	</body>
176	</topic>

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format