desktop-packages team mailing list archive

Thread
Date

[Bug 1371710] Re: autologin should support PAM_USER

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: BobD <1371710@xxxxxxxxxxxxxxxxxx>
Date: Tue, 25 Nov 2014 22:07:32 -0000
Reply-to: Bug 1371710 <1371710@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

After studying the code and exploring a bit with gdb and a test PAM
module I wrote that simply sets pam_user, I've determined that in fact
lightDM *already* works just fine with a PAM module on the auth stack of
the lightdm-autologin PAM service which sets PAM_USER. I simply hadn't
realized that autologin used its own PAM service.

The name specified for PAM_USER will override the autologin-user value
in lightdm.conf.

In my opinion, this behavior is ideal. If we actually tried to change
the code to allow turning autologin on without specifying an autologin
user, and no PAM_USER was set by any PAM module, we'd have a strange
error case to deal with.

So, to turn autologin on, you must specify a default/fallback user for
autologin-user. If a PAM module in the lightdm-autologin PAM stack sets
PAM_USER in pam_sm_authenticate(), that will override the user specified
in lightdm.conf. No change required.

If there are no other suggestions/objections, I will close out this bug.
Too bad, I was looking forward to contributing :-)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1371710

Title:
  autologin should support PAM_USER

Status in Light Display Manager:
  Triaged
Status in Light Display Manager 1.10 series:
  Triaged
Status in “lightdm” package in Ubuntu:
  Triaged
Status in “lightdm” source package in Trusty:
  Triaged
Status in “lightdm” source package in Utopic:
  Triaged

Bug description:
  There should be a way to specify the autologin-user via PAM_USER.

  Currently, to enable autologin you specify autologin-user in the
  lightdm.conf file, and any value of PAM_USER returned after
  pam_authenticate() is ignored.

  This means if you want to affect autologin so that different users are
  logged in at different times, based on some external criteria, you
  must rewrite the lightdm configuration and restart the service each
  time.

  One approach would be to add a new key e.g. "autologin-user-pam=true"
  which would enable autologin and use the PAM_USER returned by
  pam_authenticate() as the user to log in. It might make sense that if
  PAM_USER is *not* set by the call to pam_authenticate to fall back to
  the autologin-user value, or else to disable autologin entirely.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1371710/+subscriptions