"auth sufficient" case /etc/pam.d/common-auth: auth sufficient pam_usb.so auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so
Tom: knows his password and has the USB device John: does not know Tom's password or have the USB device Expected: To login as Tom, an user must know Tom's password or have the USB device either. Actual: == Tom logged out with the USB device plugged == [+0.00s] DEBUG: Logging to /var/log/lightdm/lightdm.log [+0.00s] DEBUG: Starting Light Display Manager 1.2.3, UID=0 PID=7727 <snip> [+0.85s] DEBUG: Activating VT 7 [+1.64s] DEBUG: Greeter start authentication for tom [+1.64s] DEBUG: Started session 7854 with service 'lightdm', username 'tom' [+1.87s] DEBUG: Session 7854 authentication complete with return value 0: Success [+1.87s] DEBUG: Authenticate result for user tom: Success [+1.91s] DEBUG: User tom authorized == Tom left from the PC with the unplugged USB device == == After a few minutes, John came at the PC then press Enter == [+107.87s] DEBUG: Greeter requests session ubuntu [+107.87s] DEBUG: Using session ubuntu [+107.87s] DEBUG: Stopping greeter <snip> [+108.54s] DEBUG: Starting session ubuntu as user tom == John can login as Tom without typing any password or having any USB device == That is undesired behavior. lightdm does not timeout authentication or check authenticate result again at real login. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1159457 Title: lightdm allows login with unplugged device needed for authentication Status in “lightdm” package in Ubuntu: Incomplete Bug description: Even if I unplugged device needed for authentication, lightdm still allows login without the device. How to reproduce: 1. setup pam_usb.so or pam_blue.so with "auth sufficient" on /etc/pam.d/common-auth pam_usb.so: https://github.com/aluzzardi/pam_usb/wiki/Getting-Started pam_blue.so: http://tjworld.net/wiki/Linux/Ubuntu/BluetoothLoginAndLocking 2. login to the user with the device 3. logout 4. unplug the USB device or turning off the bluetooth device 5. press Enter to login Expected result: login rejected or fallback to password login Actual result: login allowed, without the device or password WORKAROUND: make sure to press Esc on lightdm *after* unplugging the device ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.3-0ubuntu1 ProcVersionSignature: Ubuntu 3.5.0-26.42~precise1-generic 3.5.7.6 Uname: Linux 3.5.0-26-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.1 Architecture: amd64 CheckboxSubmission: 65fa7c094c0293dd4e9a81057a36a8fe CheckboxSystem: 0657dd966bc74d2b22e7c94051aa55af Date: Mon Mar 25 01:06:44 2013 EcryptfsInUse: Yes InstallationMedia: Ubuntu 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130213) MarkForUpload: True ProcEnviron: TERM=xterm SHELL=/bin/bash PATH=(custom, no user) LANG=ja_JP.UTF-8 SourcePackage: lightdm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1159457/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
