I am experiencing a similar bug: this time using pam_bioapi (to support
fingerprint readers), version 0.4.0.
The problem I am having is that gksudo does not pop up to ask for a password
once the fingerprint dialog is aborted, as it would be expected to do.
My common-auth is as follows:
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
/etc/bioapi/pam/biodata.db :0
auth required pam_unix.so nullok_secure
gdm, and console-run sudo perform as expected - cancelling the fingerprint
dialog and it will ask for a password. However, running gksudo from console
results in:
# sudo -l
# gksudo gedit
<fingerprint dialog pops up - after exiting that>
GNOME_SUDO_PASS
at which point it echoes any characters I type at it (meaning that it's not
asking for a password), including new line characters. The only way to abort
this is to press Ctrl+C.
Note also that the screen is not blanked during the fingerprint dialog
(separate bug?)
Running gksudo from a launcher has the same effect - but obviously no console
output.
Does anyone know what GNOME_SUDO_PASS means? I've asked the google oracle, but
that hasn't got me anywhere.
I can confirm that gksudo works perfectly well without the pam_bioapi line, and
it also works if I make it ask for the password first, by changing common-auth
to:
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
/etc/bioapi/pam/biodata.db :0
auth required pam_deny.so
gksudo does blank the screen and the password dialog appears, and pressing
enter results in it unblanking and the fingerprint dialog appearing - this is
my current solution, but far from ideal as I would like the password to back
the fingerprinting.
It is also worth mentioning that this is also the case with pam_thinkfinger (an
alternative fingerprinting "driver") which does not implement a separate
fingerprinting dialog - gksudo does not appear at all, and after a successful
fingerprint read gksudo does not exit - and a killall is required to bring the
authenticating application up - though this also may be a error with
pam_thinkfinger (version tested: 0.3.0).
All in all, I think we can conclude that gksudo (which from what I understand,
is simply a wrapper for the console based sudo) does not support external pam
modules very well?
--
gksudo fails if using libpam-krb5 for password auth
https://bugs.launchpad.net/bugs/15093
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
