desktop-packages team mailing list archive

Thread
Date

[Bug 1305440] Re: Allow a distinct pam config file for greeter and for lock-screen

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: "Stephen M. Webb" <stephen.webb@xxxxxxxxxxxxx>
Date: Mon, 29 Dec 2014 15:23:22 -0000
Reply-to: Bug 1305440 <1305440@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Attached debdiff between trusty-updates and SRU.

** Branch unlinked: lp:~unity-team/unity/trusty-1305440

** Description changed:

+ [Impact]
+ 
  It might be desirable to have a distinct pam config file when logging in
  and when unlocking the screen. Specifically, using a fingerprint reader
  is fine for sudo or for unlocking, but you want to use your password
  when logging in, to provide a secret and be able to unlock the gnome-
  keyring for example.
+ 
+ [Test Case]
  
  See http://askubuntu.com/questions/445131/how-do-i-enable-a-specific-
  pam-config-in-the-lockscreen
  
  So this feature request is about allowing for a (optional) pam config
  file for the lock-screen, distinct from the /etc/pam.d/lightdm currently
  used and shared with the greeter.
+ 
+ [Regression Potential]
+ 
+ An additional configuration point could allow a system to be
+ misconfigured for reduced security.  The default configuration is to use
+ the same PAM stack as the LightDM login process so no new regression is
+ introduced without user modification.
+ 
+ [Other Info]
+ 
+ The Ubuntu 14.04 LTS SRU patch was cherry-picked from Ubuntu 14.10 where
+ it has been in production use for a few months and appears stable.

** Patch added: "debdiff between unity_7.2.3+14.04.20140826-0ubuntu1 and unity_7.2.4+14.04.20141217-0ubuntu1"
   https://bugs.launchpad.net/ubuntu/+source/unity-greeter/+bug/1305440/+attachment/4289402/+files/unity_7.2.4%2B14.04.20141217-0ubuntu1.debdiff

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to unity-greeter in Ubuntu.
https://bugs.launchpad.net/bugs/1305440

Title:
  Allow a distinct pam config file for greeter and for lock-screen

Status in Unity:
  Fix Committed
Status in Unity 7.2 series:
  In Progress
Status in unity package in Ubuntu:
  Fix Released
Status in unity-greeter package in Ubuntu:
  Invalid

Bug description:
  [Impact]

  It might be desirable to have a distinct pam config file when logging
  in and when unlocking the screen. Specifically, using a fingerprint
  reader is fine for sudo or for unlocking, but you want to use your
  password when logging in, to provide a secret and be able to unlock
  the gnome-keyring for example.

  [Test Case]

  See http://askubuntu.com/questions/445131/how-do-i-enable-a-specific-
  pam-config-in-the-lockscreen

  So this feature request is about allowing for a (optional) pam config
  file for the lock-screen, distinct from the /etc/pam.d/lightdm
  currently used and shared with the greeter.

  [Regression Potential]

  An additional configuration point could allow a system to be
  misconfigured for reduced security.  The default configuration is to
  use the same PAM stack as the LightDM login process so no new
  regression is introduced without user modification.

  [Other Info]

  The Ubuntu 14.04 LTS SRU patch was cherry-picked from Ubuntu 14.10
  where it has been in production use for a few months and appears
  stable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1305440/+subscriptions