Bug#383889: Bug#466741: gnome-screensaver:fails to unlock with correct password
Prakash J Kokkatt
pjkonweb at gmail.com
Wed Feb 20 18:34:00 UTC 2008
On Wed, Feb 20, 2008 at 11:50 PM, Josselin Mouette <joss at debian.org> wrote:
> severity 466741 important
> tag 466741 moreinfo
> thanks
>
>
> On mer, 2008-02-20 at 22:46 +0530, Prakash Jose Kokkattu wrote:
> > Package: gnome-screensaver
> > Version: 2.20.0-2
> > Severity: critical
> >
> > OK.I found that libpam-foreground v0.4-1 if installed fixes this unlock
> > issue and the user password works!also I got this dependency after
> > checking through ubuntu gutsy 7.10 which also I am using.Hopedevelopers
> > will fix this bug ASAP.below is the relative contents on
> > /var/log/auth.log
>
> Why did you open a new bug if you think this is related to #383889 ?
Sorry.I think my reportbug config may be wrong.I already posted in #383889
>
> Also I don't think this issue could be related to libpam-foreground,
> which only creates lockfiles and isn't even used unless you modify your
> configuration.
>
But,I am sure that,after installing libpam-foreground only my problem
fixed.and Ubuntu gutsy too got libpam-foreground as dependency :S
> In short, if you need help, please show us your PAM configuration and
> describe *precisely* what your problems are.
I have not edited any PAM configuration files.BTW,I remember,some package I
have to install using dpkg --force-overwrite option.
and below is the pam config files and their contents:
> localhost:~# cat /etc/pam.conf
> #
> ---------------------------------------------------------------------------#
> # /etc/pam.conf #
> #
> ---------------------------------------------------------------------------#
> #
> # NOTE
> # ----
> #
> # NOTE: Most program use a file under the /etc/pam.d/ directory to setup
> their
> # PAM service modules. This file is used only if that directory does not
> exist.
> #
> ---------------------------------------------------------------------------#
>
> # Format:
> # serv. module ctrl module [path] ...[args..]
> #
> # name type flag #
>
and:
> localhost:~# cat /etc/pam.d/gnome-screensaver
> @include common-auth
> auth optional pam_gnome_keyring.so
>
and:
> localhost:~# cat /etc/pam.d/common-account
> #
> # /etc/pam.d/common-account - authorization settings common to all
> services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of the authorization modules that define
> # the central access policy for use on the system. The default is to
> # only deny service to users whose accounts are expired in /etc/shadow.
> #
> account required pam_unix.so
>
and:
> localhost:~# cat /etc/pam.d/common-auth
> #
> # /etc/pam.d/common-auth - authentication settings common to all services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of the authentication modules that define
> # the central authentication scheme for use on the system
> # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
> # traditional Unix authentication mechanisms.
> #
> auth required pam_unix.so nullok_secure
>
and:
> localhost:~# cat /etc/pam.d/common-password
> #
> # /etc/pam.d/common-password - password-related modules common to all
> services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define the services to be
> # used to change user passwords. The default is pam_unix.
>
> # Explanation of pam_unix options:
> #
> # The "nullok" option allows users to change an empty password, else
> # empty passwords are treated as locked accounts.
> #
> # The "md5" option enables MD5 passwords. Without this option, the
> # default is Unix crypt.
> #
> # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
> # login.defs.
> #
> # You can also use the "min" option to enforce the length of the new
> # password.
> #
> # See the pam_unix manpage for other options.
>
> password required pam_unix.so nullok obscure md5
>
> # Alternate strength checking for password. Note that this
> # requires the libpam-cracklib package to be installed.
> # You will need to comment out the password line above and
> # uncomment the next two in order to use this.
> # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
> #
> # password required pam_cracklib.so retry=3 minlen=6 difok=3
> # password required pam_unix.so use_authtok nullok md5
and:
> localhost:~# cat /etc/pam.d/common-session
> #
> # /etc/pam.d/common-session - session-related modules common to all
> services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define tasks to be performed
> # at the start and end of sessions of *any* kind (both interactive and
> # non-interactive). The default is pam_unix.
> #
> session required pam_unix.so
and:
> localhost:~# cat /etc/pam.d/passwd
> #
> # The PAM configuration file for the Shadow `passwd' service
> #
>
> @include common-password
>
and:
localhost:~# cat /etc/pam.d/su
> #
> # The PAM configuration file for the Shadow `su' service
> #
>
> # This allows root to su without passwords (normal operation)
> auth sufficient pam_rootok.so
>
> # Uncomment this to force users to be a member of group root
> # before they can use `su'. You can also add "group=foo"
> # to the end of this line if you want to use a group other
> # than the default "root" (but this may have side effect of
> # denying "root" user, unless she's a member of "foo" or explicitly
> # permitted earlier by e.g. "sufficient pam_rootok.so").
> # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
> # auth required pam_wheel.so
>
> # Uncomment this if you want wheel members to be able to
> # su without a password.
> # auth sufficient pam_wheel.so trust
>
> # Uncomment this if you want members of a specific group to not
> # be allowed to use su at all.
> # auth required pam_wheel.so deny group=nosu
>
> # Uncomment and edit /etc/security/time.conf if you need to set
> # time restrainst on su usage.
> # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> # as well as /etc/porttime)
> # account requisite pam_time.so
>
> # This module parses environment configuration file(s)
> # and also allows you to use an extended config
> # file /etc/security/pam_env.conf.
> #
> # parsing /etc/environment needs "readenv=1"
> session required pam_env.so readenv=1
> # locale variables are also kept into /etc/default/locale in etch
> # reading this file *in addition to /etc/environment* does not hurt
> session required pam_env.so readenv=1 envfile=/etc/default/locale
>
> # Defines the MAIL environment variable
> # However, userdel also needs MAIL_DIR and MAIL_FILE variables
> # in /etc/login.defs to make sure that removing a user
> # also removes the user's mail spool file.
> # See comments in /etc/login.defs
> #
> # "nopen" stands to avoid reporting new mail when su'ing to another user
> session optional pam_mail.so nopen
>
> # Sets up user limits, please uncomment and read /etc/security/limits.conf
> # to enable this functionality.
> # (Replaces the use of /etc/limits in old login)
> # session required pam_limits.so
>
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> @include common-auth
> @include common-account
> @include common-session
>
> > and lastly:
> localhost:~# cat /etc/pam.d/gdm
> #%PAM-1.0
> auth requisite pam_nologin.so
> auth required pam_env.so readenv=1
> auth required pam_env.so readenv=1 envfile=/etc/default/locale
> @include common-auth
> auth optional pam_gnome_keyring.so
> @include common-account
> session required pam_limits.so
> @include common-session
> session optional pam_gnome_keyring.so auto_start
> @include common-password
>
^I hope the contents of above files are enough.
I can assure you that there is no manual editing I did.
BTW,running Debian Sid/lenny with apt preferring Sid.
also using upstart from experimental repo.
> Thanks,
> --
Thank You
> .''`.
> : :' : We are debian.org. Lower your prices, surrender your code.
> `. `' We will add your hardware and software distinctiveness to
> `- our own. Resistance is futile.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20080221/43926fd6/attachment-0002.htm
More information about the pkg-gnome-maintainers
mailing list