desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #151569
[Bug 1517685] Re: XDMCP server starts without authentication if configured key does not exist
Hello Robert, or anyone else affected,
Accepted lightdm into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/lightdm/1.10.6-0ubuntu1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Your feedback will aid us getting this update
out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed. In either case, details of your testing will help
us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
** Changed in: lightdm (Ubuntu Trusty)
Status: New => Fix Committed
** Tags added: verification-needed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1517685
Title:
XDMCP server starts without authentication if configured key does not
exist
Status in Light Display Manager:
Fix Released
Status in Light Display Manager 1.10 series:
Fix Released
Status in Light Display Manager 1.14 series:
Fix Released
Status in Light Display Manager 1.16 series:
Fix Released
Status in Light Display Manager 1.2 series:
Fix Released
Status in lightdm package in Ubuntu:
New
Status in lightdm source package in Precise:
New
Status in lightdm source package in Trusty:
Fix Committed
Status in lightdm source package in Vivid:
New
Status in lightdm source package in Wily:
New
Bug description:
[Impact]
An incorrectly configured XDMCP server will start without authentication instead of disabling XDMCP / stopping LightDM.
[Test Case]
1. Set up LightDM to run an XDMCP server using an XDM authentication key, i.e. in lightdm.conf:
[XDMCPServer]
enabled=true
key=key-name
2. Do not create /etc/lightdm/keys.conf or do not define 'key-name' in keys.conf.
3. Start LightDM
4. Connect XDMCP client.
Expected result:
Either LightDM doesn't start or the XDMCP server doesn't start.
Observed result:
XDMCP server starts without authentication, any XDMCP client is able to connect. Debug message printed to log warning about missing key, but not easy to spot.
[Regression Potential]
Low - change is to not start LightDM if this case occurs. This could affect someone who currently has a misconfigured LightDM. In this case a warning message is printed to the log.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1517685/+subscriptions