desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #132882
[Bug 592162] Re: update libpam-gnome-keyring causes authentication failure
This version has expired now
** Changed in: gnome-keyring (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/592162
Title:
update libpam-gnome-keyring causes authentication failure
Status in gnome-keyring package in Ubuntu:
Invalid
Bug description:
Binary package hint: gnome-keyring
Updating Ubuntu 10.04 using Synaptic to latest version of libpam-gnome-keyring (and gnome-keyring) caused any logins via gdm to return with
"Authentication Failure", instead of a successful login (used many times with much success).
Output from /root/.synaptic/log/:
# cat /root/.synaptic/log/2010-06-09.111041.log | grep keyring
gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
The failures appeared to produce the following messages in /var/log/auth.log:
Jun 9 22:38:49 nnabXXXXXXX gdm-session-worker[1869]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "XXXXXX"
Jun 9 22:38:55 nnabXXXXXXX gdm-session-worker[1869]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=XXXXXX
The password was confirmed as working, and even though the user was
added to the "nopasswdlogin" group, logins still failed. The "not met
by user" message does not appear to be the reason for the failures, so
these have been ignored.
When attempting an 'su' to the user which receives the authentication failure message ("su - XXXXXX" as root), the following messages were produced:
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_acct_mgmt failed [login:XXXXXX][error code:2]
Jun 9 22:46:13 nnabXXXXXX su[1219]: Successful su for XXXXXX by root
Jun 9 22:46:13 nnabXXXXXX su[1219]: + /dev/console root:XXXXXX
Jun 9 22:46:13 nnabXXXXXX su[1219]: pam_unix(su:session): session opened for user XXXXXX by (uid=0)
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_open_session failed [login:XXXXXX][error code: 2]
Jun 9 22:48:31 nnabXXXXXX su[1219]: pam_unix(su:session): session closed for user XXXXXX
Hence the decision to comment out references to "lsass" as this system
also has "likewise" installed, and the following lines were commented
out due to the "required" directive being somewhat suspicious (unsure
if it was required previously, but regardless, commenting out these
lines meant a successful login could take place):
# grep -1 lsass *
atd-session required pam_limits.so
atd:session sufficient pam_lsass.so
--
chfn-@include common-session
chfn:session sufficient pam_lsass.so
chfn-
--
chsh-@include common-session
chsh:session sufficient pam_lsass.so
chsh-
--
common-account-# Commented out by Simon Willgoss - 2010-06-09
common-account:#account required pam_lsass.so unknown_ok
common-account:#account sufficient pam_lsass.so
common-account-account requisite pam_deny.so
--
common-auth-# here's the fallback if no module succeeds
common-auth:# pam_lsass.so commented out by Simon Willgoss - 2010-06-09
common-auth:#auth sufficient pam_lsass.so try_first_pass
common-auth-auth requisite pam_deny.so
--
common-password-# Commented out by Simon Willgoss - 2010-06-09
common-password:#password sufficient pam_lsass.so try_first_pass use_authtok
common-password-password requisite pam_deny.so
########################################################################################
Commenting out these was the only successful change that permitted a login via gdm.
It appears, from all that I have seen, that updating to the package identified above has perhaps modified or brought about a change in the behaviour between pam and the lsass module.
# lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
Full list of packages updated:
# cat /root/.synaptic/log/2010-06-09.111041.log
Commit Log for Wed Jun 9 11:10:41 2010
Upgraded the following packages:
brasero (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
brasero-common (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
gnome-panel (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
gnome-panel-data (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
libbrasero-media0 (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
libcairomm-1.0-1 (1.8.0-1build2) to 1.8.4-0ubuntu1
libgcr0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libgp11-0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpanel-applet2-0 (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
linux-headers-2.6.32-22 (2.6.32-22.33) to 2.6.32-22.36
linux-headers-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
linux-image-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
linux-libc-dev (2.6.32-22.33) to 2.6.32-22.36
openoffice.org-base-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-calc (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-common (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-draw (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-emailmerge (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-gnome (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-gtk (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-impress (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-math (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-style-human (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-writer (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
python-papyon (0.4.6-0ubuntu2) to 0.4.8-0ubuntu1
python-uno (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
rhythmbox (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
rhythmbox-plugin-cdrecorder (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
rhythmbox-plugins (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
telepathy-butterfly (0.5.8-1ubuntu1) to 0.5.9-0ubuntu1
ttf-opensymbol (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
tzdata (2010i-1) to 2010j-0ubuntu0.10.04
uno-libs3 (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
ure (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
xsane (0.996-2ubuntu2) to 0.996-2ubuntu3
xsane-common (0.996-2ubuntu2) to 0.996-2ubuntu3
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libpam-gnome-keyring 2.92.92.is.2.30.1-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Thu Jun 10 19:12:15 2010
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
LANG=en_AU.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-keyring
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/592162/+subscriptions
