KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add LightDM display manager for secure login

Browse Source 
Implements minimal, secure login without username display:

1. **LightDM Installation**:
   - Added lightdm and lightdm-gtk-greeter packages
   - Enabled LightDM service by default
   - Set default target to graphical
   - Removed .xinitrc direct X boot

2. **Minimal and Secure Greeter**:
   - Configured /etc/lightdm/lightdm.conf:
     * hide-users=true (no username list displayed)
     * show-manual-login=true (manual username entry only)
     * allow-guest=false (no guest sessions)
     * XDMCP disabled (no remote X sessions)
   - Greeter shows only:
     * Username field (for manual entry)
     * Password field
     * Login button
   - No account picking, no user list

3. **Security Benefits**:
   - No user information leaked before authentication
   - Attacker cannot enumerate users
   - Manual username required (prevents user enumeration)
   - Minimal attack surface (LightDM is lightweight)
   - No guest sessions (strict access control)

4. **Removed Direct X Boot**:
   - No longer booting directly to IceWM via .xinitrc
   - Using proper display manager for authentication
   - More secure and standardized login process

Files Updated:
- config/preseed.cfg (LightDM packages, enabled service, late_command)
- config/security-config.sh (LightDM configuration, removed .xinitrc)

This implements the "minimal and secure display manager"
requirement with no usernames displayed and no account picking.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
2026-01-20 12:37:04 -05:00
parent 471ac78a4c
commit c96bd20708
2 changed files with 51 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config/preseed.cfg
View File

@@ -117,7 +117,13 @@ d-i pkgsel/include string \
gvfs-backends \
gvfs-fuse \
xautolock \
x11-xserver-utils
x11-xserver-utils \
lightdm \
lightdm-gtk-greeter
# Display Manager (Graphical Login)
d-i tasksel/desktop string lightdm
d-i tasksel/first boolean true
# Boot loader
d-i grub-installer/bootdev string default
@@ -130,6 +136,8 @@ d-i finish-install/reboot_in_progress note
# Prevent package questions during install
d-i preseed/late_command string \
in-target systemctl enable lightdm && \
in-target systemctl set-default graphical.target && \
in-target chmod 755 /home/user && \
in-target chown -R user:user /home/user && \
in-target systemctl mask ssh sshd 2>/dev/null || true && \
@@ -145,8 +153,6 @@ d-i preseed/late_command string \
in-target mkdir -p /home/user/.config/autostart && \
in-target cp /usr/share/applications/remmina.desktop /home/user/.config/autostart/ && \
in-target chown -R user:user /home/user/.config && \
in-target bash -c "echo 'exec icewm-session' > /home/user/.xinitrc" && \
in-target chown user:user /home/user/.xinitrc && \
in-target systemctl daemon-reload && \
in-target systemctl enable football-first-boot.service && \
in-target rm -f /tmp/disable-wifi-bt.sh /tmp/security-config.sh