[Pkg-xfce-devel] Bug#735670: Bug#735670: lightdm ask ldap administrator password when changing a password expired
Yves-Alexis Perez
corsac at debian.org
Fri Jan 17 11:56:28 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, Jan 17, 2014 at 12:02:18PM +0100, Gabriele Pulzato wrote:
> Package: lightdm
> Version: 1.2.2-4
> Severity: important
>
> Dear Maintainer,
> I have a working authentication configuration with ldap on my debian
> wheezy workstation. Everything works fine except with lightdm when a
> ldap user have to change his password due to expiration. The user is
> able to login but in the next prompt, in place of asking new password,
> the ldap administrator password is asked. I've seen i have the same
> behaviour when i try to change a ldap user password via passwd as
> root.
> My nslcd configuration doesn't allow local root user to behave like
> ldap administrator.
> I've tried with gdm3 greeter and it works; it asks for new password
> and it allows to change the password properly.
> I've seen this different behaviour in auth.log:
>
> with gdm3:
>
> debian gdm3][10414]: pam_ldap(gdm3:auth): nslcd authentication; user=test
> debian gdm3][10414]: pam_ldap(gdm3:auth): authentication succeeded
> debian gdm3][10414]: pam_unix(gdm3:account): expired password for user
> test (password aged)
> debian gdm3][10414]: pam_unix(gdm3:chauthtok): username [test] obtained
> debian gdm3][10414]: pam_unix(gdm3:chauthtok): user "test" does not
> exist in /etc/passwd
> debian gdm3][10414]: pam_ldap(gdm3:chauthtok): nslcd authentication; user=test
> debian gdm3][10414]: pam_ldap(gdm3:chauthtok): authentication succeeded
> debian gdm3][10414]: pam_unix(gdm3:chauthtok): username [test] obtained
> debian gdm3][10414]: pam_unix(gdm3:chauthtok): user "test" does not
> exist in /etc/passwd
>
> with lightdm:
>
> debian lightdm: pam_ldap(lightdm:auth): nslcd authentication; user=test
> debian lightdm: pam_ldap(lightdm:auth): authentication succeeded
> debian lightdm: pam_unix(lightdm:account): expired password for user
> test (password aged)
> debian lightdm: pam_unix(lightdm:chauthtok): username [test] obtained
> debian lightdm: pam_unix(lightdm:chauthtok): user "test" does not
> exist in /etc/passwd
> debian lightdm: pam_ldap(lightdm:chauthtok): nslcd authentication; user=
> debian lightdm: pam_ldap(lightdm:chauthtok): user not handled by nslcd
>
> As you can see nslcd authentication have user value set in gdm3.
> Lightdm have a blank value instead.
>
> I've tried with lightdm-gtk-greeter and lightdm-crowd-greeter just to
> check if it was a greeter problem but the problem remains with both.
I guess the problem lies in the pam configuration files. You might want
to diff them and adjust the lightdm one. It might also help to check
with lightdm from testing or unstable.
Regards,
- --
Yves-Alexis Perez
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBCgAGBQJS2RplAAoJEG3bU/KmdcClTioIAKX0Cr1cwR7qCtKuom22Z1VU
OXhegAvq9sobq872+WVovCSBjQKYz15G5k8snMdWn3uAXgBdcBEau0jsyPeshDfd
FyZOBdF4FOiOAaXEQ6ecgrO1l/zPTyJazAmprqBauAQr3NBWYCbqseML6/3fjUmy
IRBnbDHnTb4CArWQL0/zUDR78QFLDzLPjAeS5YwrgPJ3Im5QeSzmkP0Bwj6nlZrs
2sH0K0Ml9A4rKM4BmuWckyOnNqDoE75P62csZZpQkd5jDv/URlP3EbSuHrDhgxqb
TWA/Y62kDZGGk+H2nZ5W9BbiQPo19wxFAVfRNv0Wx6vj4IKxntcIfmy3jQ6t6zo=
=HyqI
-----END PGP SIGNATURE-----
More information about the Pkg-xfce-devel
mailing list