July 31st, 2007
For years, people have been asking how to create a guest account with no password in Ubuntu. Usually, someone replies that this a security risk and warns against proceeding. Then some other people recognize it as a security risk but still try to help the person… to no avail. The most commonly suggested “solution” is sudo passwd -d username, which is supposed to delete the password for username, at least according to man passwd:
Delete a user’s password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless.
It does not work on Ubuntu, though.
A year and a half ago, someone created what I view as being a fairly complex workaround editing the PAM config and maintaining a separate text file listing users who are allowed a passwordless login. I’m not sure if that works or not, but the most straightforward way I could think to do this is copy what was done on the Ubuntu live CD. After all, on the Ubuntu live CD (also known as the Desktop CD), the username is ubuntu, but you’re not required to enter a password—you can just press Enter for the password and log in.
So I looked at the /etc/shadow file, which holds encrypted passwords for all users, on the live CD and found that the encrypted password for the user ubuntu is U6aMy0wojraho. So I tried editing the /etc/shadow file on my own installation of Ubuntu and changing the password for a test user from its previous encrypted password to U6aMy0wojraho, and I was able to log in as that user without entering a password.