[Desktop-packages] [Bug 592162] Re: update libpam-gnome-keyring causes authentication failure

dino99 Fri, 21 Aug 2015 03:51:41 -0700

This version has expired now

** Changed in: gnome-keyring (Ubuntu)
       Status: New => Invalid


-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/592162

Title:
  update libpam-gnome-keyring causes authentication failure

Status in gnome-keyring package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: gnome-keyring

  Updating Ubuntu 10.04 using Synaptic to latest version of 
libpam-gnome-keyring (and gnome-keyring) caused any logins via gdm to return 
with 
  "Authentication Failure", instead of a successful login (used many times with 
much success).

  Output from /root/.synaptic/log/:
  # cat /root/.synaptic/log/2010-06-09.111041.log | grep keyring
  gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
  libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 
2.92.92.is.2.30.1-0ubuntu2

  The failures appeared to produce the following messages in /var/log/auth.log:
  Jun  9 22:38:49 nnabXXXXXXX gdm-session-worker[1869]: 
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by 
user "XXXXXX"
  Jun  9 22:38:55 nnabXXXXXXX gdm-session-worker[1869]: pam_unix(gdm:auth): 
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=XXXXXX

  The password was confirmed as working, and even though the user was
  added to the "nopasswdlogin" group, logins still failed. The "not met
  by user" message does not appear to be the reason for the failures, so
  these have been ignored.

  When attempting an 'su' to the user which receives the authentication failure 
message ("su - XXXXXX" as root), the following messages were produced:
  Jun  9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_acct_mgmt 
failed [login:XXXXXX][error code:2]
  Jun  9 22:46:13 nnabXXXXXX su[1219]: Successful su for XXXXXX by root
  Jun  9 22:46:13 nnabXXXXXX su[1219]: + /dev/console root:XXXXXX
  Jun  9 22:46:13 nnabXXXXXX su[1219]: pam_unix(su:session): session opened for 
user XXXXXX by (uid=0)
  Jun  9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_open_session 
failed [login:XXXXXX][error code: 2]
  Jun  9 22:48:31 nnabXXXXXX su[1219]: pam_unix(su:session): session closed for 
user XXXXXX

  Hence the decision to comment out references to "lsass" as this system
  also has "likewise" installed, and the following lines were commented
  out due to the "required" directive being somewhat suspicious (unsure
  if it was required previously, but regardless, commenting out these
  lines meant a successful login could take place):

  # grep -1 lsass *
  atd-session    required   pam_limits.so
  atd:session    sufficient   pam_lsass.so
  --
  chfn-@include common-session
  chfn:session sufficient pam_lsass.so
  chfn-
  --
  chsh-@include common-session
  chsh:session sufficient pam_lsass.so
  chsh-
  --
  common-account-# Commented out by Simon Willgoss - 2010-06-09
  common-account:#account       required                        pam_lsass.so    
                unknown_ok
  common-account:#account       sufficient                      pam_lsass.so
  common-account-account        requisite                       pam_deny.so
  --
  common-auth-# here's the fallback if no module succeeds
  common-auth:# pam_lsass.so commented out by Simon Willgoss - 2010-06-09
  common-auth:#auth     sufficient                      pam_lsass.so            
        try_first_pass
  common-auth-auth      requisite                       pam_deny.so
  --
  common-password-# Commented out by Simon Willgoss - 2010-06-09
  common-password:#password     sufficient                      pam_lsass.so    
                try_first_pass                  use_authtok
  common-password-password      requisite                       pam_deny.so
  
########################################################################################

  Commenting out these was the only successful change that permitted a login 
via gdm.
  It appears, from all that I have seen, that updating to the package 
identified above has perhaps modified or brought about a change in the 
behaviour between pam and the lsass module. 

  # lsb_release -rd
  Description:  Ubuntu 10.04 LTS
  Release:      10.04

  Full list of packages updated:
  # cat /root/.synaptic/log/2010-06-09.111041.log 
  Commit Log for Wed Jun  9 11:10:41 2010

  
  Upgraded the following packages:
  brasero (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
  brasero-common (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
  gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
  gnome-panel (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
  gnome-panel-data (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
  libbrasero-media0 (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
  libcairomm-1.0-1 (1.8.0-1build2) to 1.8.4-0ubuntu1
  libgcr0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
  libgp11-0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
  libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 
2.92.92.is.2.30.1-0ubuntu2
  libpanel-applet2-0 (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
  linux-headers-2.6.32-22 (2.6.32-22.33) to 2.6.32-22.36
  linux-headers-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
  linux-image-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
  linux-libc-dev (2.6.32-22.33) to 2.6.32-22.36
  openoffice.org-base-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-calc (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-common (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-draw (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-emailmerge (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-gnome (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-gtk (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-impress (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-math (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-style-human (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  openoffice.org-writer (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  python-papyon (0.4.6-0ubuntu2) to 0.4.8-0ubuntu1
  python-uno (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  rhythmbox (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
  rhythmbox-plugin-cdrecorder (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
  rhythmbox-plugins (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
  telepathy-butterfly (0.5.8-1ubuntu1) to 0.5.9-0ubuntu1
  ttf-opensymbol (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
  tzdata (2010i-1) to 2010j-0ubuntu0.10.04
  uno-libs3 (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
  ure (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
  xsane (0.996-2ubuntu2) to 0.996-2ubuntu3
  xsane-common (0.996-2ubuntu2) to 0.996-2ubuntu3

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: libpam-gnome-keyring 2.92.92.is.2.30.1-0ubuntu2
  ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-22-generic x86_64
  NonfreeKernelModules: fglrx
  Architecture: amd64
  Date: Thu Jun 10 19:12:15 2010
  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
  ProcEnviron:
   LANG=en_AU.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnome-keyring

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/592162/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 592162] Re: update libpam-gnome-keyring causes authentication failure

Reply via email to