Information
The GNOME Display Manager is used for login session management. See the manual page
gdm(1) for more information. By default, GNOME automatic login is defined in
/etc/pam.d/gdm-autologin to allow users to access the system without a password.
Rationale:
As automatic logins are a known security risk for other than "kiosk" types of systems,
GNOME automatic login should be disabled in /etc/pam.d/gdm-autologin.
Solution
Comment out or remove all lines from /etc/pam.d/gdm-autologin:
# cp /etc/pam.d/gdm-autologin /etc/pam.d/gdm-autologin.orig
# awk '{ if ( $1 ~ /auth/ || $1 ~ /account/) $1 = "#"$1 } { print };'
/etc/pam.d/gdm-autologin > /etc/pam.d/gdm-autologin.CIS
# cp /etc/pam.d/gdm-autologin.CIS /etc/pam.d/gdm-autologin