Your message dated Sun, 02 Feb 2014 13:48:34 +0000
with message-id <[email protected]>
and subject line Bug#735670: fixed in lightdm 1.8.6-2
has caused the Debian Bug report #735670,
regarding lightdm ask ldap administrator password when changing a password
expired
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
735670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735670
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lightdm
Version: 1.2.2-4
Severity: important
Dear Maintainer,
I have a working authentication configuration with ldap on my debian
wheezy workstation. Everything works fine except with lightdm when a
ldap user have to change his password due to expiration. The user is
able to login but in the next prompt, in place of asking new password,
the ldap administrator password is asked. I've seen i have the same
behaviour when i try to change a ldap user password via passwd as
root.
My nslcd configuration doesn't allow local root user to behave like
ldap administrator.
I've tried with gdm3 greeter and it works; it asks for new password
and it allows to change the password properly.
I've seen this different behaviour in auth.log:
with gdm3:
debian gdm3][10414]: pam_ldap(gdm3:auth): nslcd authentication; user=test
debian gdm3][10414]: pam_ldap(gdm3:auth): authentication succeeded
debian gdm3][10414]: pam_unix(gdm3:account): expired password for user
test (password aged)
debian gdm3][10414]: pam_unix(gdm3:chauthtok): username [test] obtained
debian gdm3][10414]: pam_unix(gdm3:chauthtok): user "test" does not
exist in /etc/passwd
debian gdm3][10414]: pam_ldap(gdm3:chauthtok): nslcd authentication; user=test
debian gdm3][10414]: pam_ldap(gdm3:chauthtok): authentication succeeded
debian gdm3][10414]: pam_unix(gdm3:chauthtok): username [test] obtained
debian gdm3][10414]: pam_unix(gdm3:chauthtok): user "test" does not
exist in /etc/passwd
with lightdm:
debian lightdm: pam_ldap(lightdm:auth): nslcd authentication; user=test
debian lightdm: pam_ldap(lightdm:auth): authentication succeeded
debian lightdm: pam_unix(lightdm:account): expired password for user
test (password aged)
debian lightdm: pam_unix(lightdm:chauthtok): username [test] obtained
debian lightdm: pam_unix(lightdm:chauthtok): user "test" does not
exist in /etc/passwd
debian lightdm: pam_ldap(lightdm:chauthtok): nslcd authentication; user=
debian lightdm: pam_ldap(lightdm:chauthtok): user not handled by nslcd
As you can see nslcd authentication have user value set in gdm3.
Lightdm have a blank value instead.
I've tried with lightdm-gtk-greeter and lightdm-crowd-greeter just to
check if it was a greeter problem but the problem remains with both.
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lightdm depends on:
ii adduser 3.113+nmu3
ii consolekit 0.4.5-3.1
ii dbus 1.6.8-1+deb7u1
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38
ii libglib2.0-0 2.33.12+really2.32.4-5
ii libpam0g 1.1.3-7.1
ii libxcb1 1.8.1-2+deb7u1
ii libxdmcp6 1:1.1.1-1
ii lightdm-gtk-greeter [lightdm-greeter] 1.1.6-2
Versions of packages lightdm recommends:
ii xserver-xorg 1:7.7+3~deb7u1
Versions of packages lightdm suggests:
ii accountsservice 0.6.21-8
ii upower 0.9.17-1
-- Configuration Files:
/etc/lightdm/lightdm.conf changed:
[LightDM]
[SeatDefaults]
xserver-allow-tcp=false
greeter-session=lightdm-greeter
greeter-hide-users=true
user-session=gnome-session
session-wrapper=/etc/X11/Xsession
[XDMCPServer]
[VNCServer]
enabled=true
port=5900
width=1024
height=768
depth=8
/etc/pam.d/lightdm changed:
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so close
session required pam_limits.so
session required pam_loginuid.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so open
@include common-password
In addition to these files my configuration is:
nslcd.conf:
uid nslcd
gid nslcd
uri ldap://ldap2
uri ldap://ldap1
base passwd ou=people,dc=myorg
base shadow ou=people,dc=myorg
base group ou=groups,dc=myorg
ldap_version 3
binddn cn=reader,dc=myorg
bindpw readerpass
ssl start_tls
tls_reqcert allow
common-auth:
auth [success=5 default=ignore] pam_unix.so nullok_secure debug
auth [success=3 authinfo_unavail=ignore default=1] pam_ldap.so
minimum_uid=1000 use_first_pass debug
auth [success=3 default=ignore] pam_ccreds.so action=validate use_first_pass
auth [default=bad] pam_ccreds.so action=update
auth requisite pam_deny.so
auth [default=ignore] pam_ccreds.so action=store
auth required pam_permit.so
common-account:
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done authinfo_unavail=1
default=ignore] pam_ldap.so minimum_uid=1000 debug
account requisite pam_deny.so
account required pam_permit.so
common-password:
password [success=2 default=ignore] pam_unix.so obscure sha512 debug
password [success=1 new_authtok_reqd=1 default=ignore]
pam_ldap.so minimum_uid=1000 try_first_pass debug
#password [default=1] pam_ldap.so minimum_uid=1000
try_first_pass debug
password requisite pam_deny.so
password required pam_permit.so
common-session:
session [default=ok] pam_permit.so
session [default=ignore] pam_unix.so
session [default=ignore] pam_ldap.so minimum_uid=1000
session [default=ignore] pam_mkhomedir.so skel=/etc/skel umask=0022
-- debconf information:
lightdm/daemon_name: /usr/sbin/lightdm
* shared/default-x-display-manager: lightdm
Thank you for support.
--- End Message ---
--- Begin Message ---
Source: lightdm
Source-Version: 1.8.6-2
We believe that the bug you reported is fixed in the latest version of
lightdm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <[email protected]> (supplier of updated lightdm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 02 Feb 2014 14:15:27 +0100
Source: lightdm
Binary: lightdm lightdm-vala liblightdm-gobject-1-0 liblightdm-qt-3-0
liblightdm-gobject-dev liblightdm-qt-dev gir1.2-lightdm-1
Architecture: source amd64
Version: 1.8.6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Xfce Maintainers <[email protected]>
Changed-By: Yves-Alexis Perez <[email protected]>
Description:
gir1.2-lightdm-1 - Typelib file for liblightdm-1
liblightdm-gobject-1-0 - simple display manager (gobject library)
liblightdm-gobject-dev - simple display manager (gobject development files)
liblightdm-qt-3-0 - simple display manager (Qt library)
liblightdm-qt-dev - simple display manager (Qt development files)
lightdm - simple display manager
lightdm-vala - simple display manager (Vala files)
Closes: 735670
Changes:
lightdm (1.8.6-2) unstable; urgency=medium
.
* debian/patches:
- 03_fix-pam_chauthtok-call added, pass PAM_CHANGE_EXPIRED_AUTHTOK to the
pam_chauthtok() call. closes: #735670
Checksums-Sha1:
87d426483d8f21c602003076c7015b978fa1cde4 2322 lightdm_1.8.6-2.dsc
d10420d48bbfd5ea9de681fd3ebc819f8834ea25 30600 lightdm_1.8.6-2.debian.tar.xz
447b38fdc9ed10efa47891e69d46fd8aff16bb77 138000 lightdm_1.8.6-2_amd64.deb
ad655b29c6da4fb5c5f41448059dc9dd55ca9fde 18450 lightdm-vala_1.8.6-2_amd64.deb
d376a58ef0638ff856f9fc8b097a215c3af085fe 41014
liblightdm-gobject-1-0_1.8.6-2_amd64.deb
28eca8b9e665cd199a36b0eba5936ebf166671ad 45688
liblightdm-qt-3-0_1.8.6-2_amd64.deb
77e9c719d7ad1bf15ee8bea9b8c2471baa818bcb 62912
liblightdm-gobject-dev_1.8.6-2_amd64.deb
ebc22ca1f66f1524fbe2c5b9483bde7cb298e177 46900
liblightdm-qt-dev_1.8.6-2_amd64.deb
42aaebd6102e758c4573e647933c447c5c254b19 20372
gir1.2-lightdm-1_1.8.6-2_amd64.deb
Checksums-Sha256:
5a4e5cdb587e3a5ae020e9ac26b8d32ffd87f81ecf306b8888e1773fcc4711f1 2322
lightdm_1.8.6-2.dsc
f5d1bdbde13a4e39e995b6b3a96714dae8f4bc7eeb3476a719d21f1b0e65d2fa 30600
lightdm_1.8.6-2.debian.tar.xz
cc9e1f036d45fc34734c842d2e035efbe753ae49d5472c42e5091c6c7cb6df14 138000
lightdm_1.8.6-2_amd64.deb
a6bf8062c5f3916cc791ed571f9dbd141b9e53186d776cbec6adb7a4fda66919 18450
lightdm-vala_1.8.6-2_amd64.deb
dc27bfd8018c37c2f2e6a6b054c6adc3aef7d799cac2fd0d3bfe078a3a4e6bee 41014
liblightdm-gobject-1-0_1.8.6-2_amd64.deb
4a6cf58fadd20aaa74ac3a62eb1064fd2b6c8744cafc70dcfbc268805ad90186 45688
liblightdm-qt-3-0_1.8.6-2_amd64.deb
c2f637ab262f6c20542cdfdc057078ba00254ca441ca25d7c97b96ceb3586237 62912
liblightdm-gobject-dev_1.8.6-2_amd64.deb
1054d834c79300e9627e9584ad0fae8038e107538d15e157d665f7fdd255c8c7 46900
liblightdm-qt-dev_1.8.6-2_amd64.deb
a7d53bae71d164ec0313e5bb4f55b33fe595a3d0e2045d198cd22d032e9072a1 20372
gir1.2-lightdm-1_1.8.6-2_amd64.deb
Files:
8e9ab7de7c9dd089588a6a4661002e5d 2322 x11 optional lightdm_1.8.6-2.dsc
b5cee452446e66c2ade0b7e9bac1abe0 30600 x11 optional
lightdm_1.8.6-2.debian.tar.xz
eb326134a60cc8f9194229bddaf7217c 138000 x11 optional lightdm_1.8.6-2_amd64.deb
d001e94a395f6df97839dc083d74a9f3 18450 x11 optional
lightdm-vala_1.8.6-2_amd64.deb
39298b064cb4144f474de19149cf33d5 41014 libdevel optional
liblightdm-gobject-1-0_1.8.6-2_amd64.deb
0d0707d6b289d497f83516a125632dd7 45688 libdevel optional
liblightdm-qt-3-0_1.8.6-2_amd64.deb
853451cdee8ab7c4ddf9c8a0725e62aa 62912 libdevel optional
liblightdm-gobject-dev_1.8.6-2_amd64.deb
65461213269728060e2c37e419bc4c09 46900 libdevel optional
liblightdm-qt-dev_1.8.6-2_amd64.deb
9317eab34e6d5e456faee46ac8916652 20372 libs optional
gir1.2-lightdm-1_1.8.6-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBCgAGBQJS7klsAAoJEG3bU/KmdcCl/2oIAIWJ62th9KiRL9rZVsTl02TL
VT1UbyFFL+aYqTrluXCp/TyO3/Gj7PrySNx/nIVVb13+ixPKU2pG+57x+fDEP/Yj
LRFPsR43wTAwupULI+w7dB9FJHGMdDMQi3f+dg48m2bYr7cVGtkSGx4zC++qUhMd
jhyLpXnWZgEX9XX13cn6grXh9kDcCieLDW6t4oQHrD5i+uraGO08Uu8r0/DZ6jIn
+hsJv5d0lRU/63k18G+LCHGmIccmrmz6GwdA+WmKh73ue0i34kPDtBfIBKLFzmdx
7sOMm7sFu/V8LlIXZSJ1aw8IM+EKyyLaKGdXvwM4tPK1ppyUz0A+MC2/tpL5oG0=
=W1fE
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-xfce-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel
