Marking confirmed. It is actually pretty trivial to reproduce, no need
for a network directory (such as LDAP) for that.
Step to reproduce:
1. Create a dummy group to test:
$ sudo addgroup test
2. configure pam_group:
$ echo "*; *; *; Al0000-2400" | sudo tee -a /etc/security/group.con
$ echo "auth optional pam_group.so" | sudo tee -a /etc/pam.d/common-auth
3. Log in through LightDM, and run the "id" command from a terminal. Notice
you are not member of group "test".
4. Switch to VT using Ctrl-Alt-F1 and log in (or, alternatively, log in
throughssh). Run the "id" command, and notice you *are* member of group "test".
Tested on precise, amd64, lightdm 1.1.1-0ubuntu4.
** Also affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lightdm (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/880104
Title:
Using pam_group results in: pam_group(lightdm:setcred): unable to set
the group membership for user: operation not permitted
Status in Light Display Manager:
Confirmed
Status in “lightdm” package in Ubuntu:
Confirmed
Bug description:
I have configured many computers to authenticate through a openldap server.
To be able to be admin in each computer, I use pam_group feature to select
additional groups for user. (/etc/security/group.conf).
Login directly on the console give me good group membership (the one defined
in group.conf), but login from lightdm results in an error message in
auth.local:
pam_group(lightdm:setcred): unable to set the group membership for user:
operation not permitted.
Of course, the group membership is not set as it should.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/880104/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
