← Back to team overview

touch-packages team mailing list archive

[Bug 1517685] Re: XDMCP server starts without authentication if configured key does not exist

 

** Package changed: ubuntu (Ubuntu) => lightdm (Ubuntu)

** Also affects: lightdm (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Also affects: lightdm (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: lightdm (Ubuntu Wily)
   Importance: Undecided
       Status: New

** Also affects: lightdm (Ubuntu Trusty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1517685

Title:
  XDMCP server starts without authentication if configured key does not
  exist

Status in Light Display Manager:
  Fix Released
Status in Light Display Manager 1.10 series:
  Fix Released
Status in Light Display Manager 1.14 series:
  Fix Released
Status in Light Display Manager 1.16 series:
  Fix Released
Status in Light Display Manager 1.2 series:
  Fix Released
Status in lightdm package in Ubuntu:
  New
Status in lightdm source package in Precise:
  New
Status in lightdm source package in Trusty:
  New
Status in lightdm source package in Vivid:
  New
Status in lightdm source package in Wily:
  New

Bug description:
  [Impact]
  An incorrectly configured XDMCP server will start without authentication instead of disabling XDMCP / stopping LightDM.

  [Test Case]
  1. Set up LightDM to run an XDMCP server using an XDM authentication key, i.e. in lightdm.conf:
  [XDMCPServer]
  enabled=true
  key=key-name
  2. Do not create /etc/lightdm/keys.conf or do not define 'key-name' in keys.conf.
  3. Start LightDM
  4. Connect XDMCP client.

  Expected result:
  Either LightDM doesn't start or the XDMCP server doesn't start.

  Observed result:
  XDMCP server starts without authentication, any XDMCP client is able to connect. Debug message printed to log warning about missing key, but not easy to spot.

  [Regression Potential]
  Low - change is to not start LightDM if this case occurs. This could affect someone who currently has a misconfigured LightDM. In this case a warning message is printed to the log.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1517685/+subscriptions