dx-packages team mailing list archive

Thread
Date

[Bug 1460649] Re: Can't unlock screen with last day password (before expired)

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Andrea Azzarone <azzaronea@xxxxxxxxx>
Date: Thu, 24 Sep 2015 17:23:57 -0000
Reply-to: Bug 1460649 <1460649@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: unity
   Importance: Undecided => High

** Changed in: unity (Ubuntu)
   Importance: Undecided => High

** Changed in: unity
       Status: Confirmed => Triaged

** Changed in: unity (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1460649

Title:
  Can't unlock screen with last day password (before expired)

Status in Unity:
  Triaged
Status in unity package in Ubuntu:
  Triaged

Bug description:
  When I login with last day password, all ok. But when I locked screen, I can't unlock it, receive error «Invalid password, please try again».
  I think, this bug more globally — «unity-panel-service --lockscreen-mode» does not have function for changing user password.

  How to reproduce:

  You need working LDAP-server and Ubuntu with LDAP client. My client,
  Ubuntu 14.04:

  cat <<EOF |
  ldap-auth-config		ldap-auth-config/dblogin		boolean	false
  ldap-auth-config		ldap-auth-config/dbrootlogin		boolean	false
  ldap-auth-config		ldap-auth-config/ldapns/ldap-server	string	ldap://ldap/
  ldap-auth-config		ldap-auth-config/ldapns/ldap_version	select	3
  ldap-auth-config		ldap-auth-config/move-to-debconf	boolean	true
  ldap-auth-config		ldap-auth-config/ldapns/base-dn		string	dc=example,dc=com
  nslcd				nslcd/ldap-base				string	dc=example,dc=com
  nslcd				nslcd/ldap-uris				string	ldap://ldap/
  libnss-ldapd			libnss-ldapd/nsswitch			multiselect	group, passwd, shadow
  EOF
  debconf_answers_ldap.dat

  sudo debconf-set-selections debconf_answers_ldap.dat
  sudo apt-get install libnss-ldapd libpam-ldap nss-updatedb libnss-db libpam-ccreds nscd libpam-cracklib

  And create file /usr/share/pam-configs/mkhomedir:

  Name: activate mkhomedir
  Default: yes
  Priority: 900
  Session-Type: Additional
  Session:
   required	pam_mkhomedir.so umask=0022 skel=/etc/skel

  Then run:
  sudo pam-auth-update

  Count todays number:
  echo $(($(date --utc --date "$1" +%s)/86400))
  For example, 16587.
  In LDAP, add user account with attribute shadowMax=10 and shadowLastChange=16577.
  Try to login in Ubuntu. All ok. No errors, no messages.
  Now lock the screen (Ctrl+Alt+L).
  Try to unlock screen — you can't. You see error «Invalid password, please try again».

  Workaround:
  Login to guest account and change user to myself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1460649/+subscriptions