
touch-packages team mailing list archive

[Bug 1447821] Re: Lockscreen does not ask for ldap password

 

Hello, folks, the problem is now solved.

The problem was caused by a script located at
/usr/share/libpam-script/pam_script_auth, triggered by libpam-script
(manpages: pam.d and pam-script). This script allows some extra
verifications using the user's password. It must be used very carefully,
not only because the password is available, but also because if the last
command sends a successful execution signal, the authentication will
succeed, even if the user gave a wrong password and the ldap server
returned an authentication failure.

I apologize for opening this bug ticket.

** Changed in: unity
       Status: Incomplete => Invalid

** Changed in: unity (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1447821

Title:
  Lockscreen does not ask for ldap password

Status in Unity:
  Invalid
Status in unity package in Ubuntu:
  Invalid

Bug description:
  I manage desktops where the users log into an Ubuntu 14.04.1 amd64
  desktop, updated today, using ldap users.

  When the desktop goes to lockscreen, in order to unlock I may [see IMG_20150423_182816.jpg attached]:
  1. Use my right ldap password: Unlock successfully;
  2. Use a wrong ldap password: It doesn't unlock, showing an error message;
  3. Don't use any password, just press "Enter":  Unlock successfully!

  This is a serious security failure. One unauthorized person walking
  around could access a machine and use it.

  There are no references in logs like syslog, auth.log, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1447821/+subscriptions
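
The failure mode described in the message above, as an added example that is not part of the original post and not the reporter's script: a pam-script style auth hook whose result is decided by its last command, next to a fail-closed version. The functions `extra_check`, `auth_fragile`, `auth_strict` and `verdict`, the 8-character rule and the sample users and passwords are constructed for illustration; pam-script hands the script `PAM_USER` and `PAM_AUTHTOK` in the environment and uses the exit status as the result.

```shell
#!/bin/sh
# Added illustration; NOT the pam_script_auth from the bug report.
# Assumption: the hook receives PAM_USER / PAM_AUTHTOK in its environment
# and its exit status (0 = success) becomes the authentication result.

# Constructed stand-in for "some extra verification using the password".
extra_check() {
    pw=${PAM_AUTHTOK:-}
    [ "${#pw}" -ge 8 ]
}

# Fragile: the status returned is that of the LAST command, so a failed
# check is masked by the bookkeeping line that follows it.
auth_fragile() {
    extra_check
    : "bookkeeping for ${PAM_USER:-}"    # always succeeds, status 0
}

# Fail closed: every check is tested explicitly (no reliance on set -e,
# which is ignored when the function is called from an if/|| context),
# an empty password is rejected outright, and success is returned from
# exactly one deliberate line.
auth_strict() {
    [ -n "${PAM_USER:-}" ]    || return 1
    [ -n "${PAM_AUTHTOK:-}" ] || return 1
    extra_check               || return 1
    : "bookkeeping for ${PAM_USER}"
    return 0
}

# Run one hook in a subshell with a constructed environment and report
# what a caller that trusts the exit status would conclude.
# usage: verdict <function> <user> <password>
verdict() {
    if ( PAM_USER=$2; PAM_AUTHTOK=$3; export PAM_USER PAM_AUTHTOK; "$1" ); then
        echo ALLOW
    else
        echo DENY
    fi
}

# Constructed cases: empty password (just pressing Enter) and a valid one.
for hook in auth_fragile auth_strict; do
    printf '%-13s empty password: %s\n' "$hook" "$(verdict "$hook" alice '')"
    printf '%-13s valid password: %s\n' "$hook" "$(verdict "$hook" alice 'correct-horse')"
done
```
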