On Mon, Jun 1, 2015 at 1:06 AM, ToddAndMargo <[log in to unmask]> wrote:
> Hi All,
>
> Thought you guys might like this note I wrote myself on
> how to autologin.  Hopefully it will keep others from
> tearing their out.
>
> -T

If I thought it were a good idea, I'd be more supportive. There are
uses, such as for VM's or PXE rebuilt classroom hosts or kiosk
environments that are designed to have only one throw-away user on
them and flush them after every login. And I admit it can be handy on
a personal laptop that no one else is allowed to touch.

But many browsers and mail clients keep copies of personal credentials
in an unlocked local configuration file, which is made accessible
without *any* additional authentication by this approach. And many
people, to this day and age, are *horrible* aobut protecting their
private SSH keys or stored Subversion passwords in $HOME, and equally
bad about using different passwords for different types of internal
and external accounts.

With autologin enabled, all someone has to do is crash your machine or
power cycle it to gain access to any private information in $HOME/.
There are additional layers of protection you can try to provide, but
it can get burdensome quite quickly. So think very carefully before
activating autologin.