update libpam-gnome-keyring causes authentication failure

Bug #592162 reported by Simon Willgoss
This bug affects 1 person
Affects: gnome-keyring (Ubuntu)
Status: Invalid
Importance: Low
Assigned to: Unassigned
Milestone: -

Bug Description

Binary package hint: gnome-keyring

Updating Ubuntu 10.04 using Synaptic to latest version of libpam-gnome-keyring (and gnome-keyring) caused any logins via gdm to return with
"Authentication Failure", instead of a successful login (used many times with much success).

Output from /root/.synaptic/log/:
# cat /root/.synaptic/log/2010-06-09.111041.log | grep keyring
gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2

The failures appeared to produce the following messages in /var/log/auth.log:
Jun 9 22:38:49 nnabXXXXXXX gdm-session-worker[1869]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "XXXXXX"
Jun 9 22:38:55 nnabXXXXXXX gdm-session-worker[1869]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=XXXXXX

The password was confirmed as working, and even though the user was added to the "nopasswdlogin" group, logins still failed. The "not met by user" message does not appear to be the reason for the failures, so these have been ignored.

When attempting an 'su' to the user which receives the authentication failure message ("su - XXXXXX" as root), the following messages were produced:
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_acct_mgmt failed [login:XXXXXX][error code:2]
Jun 9 22:46:13 nnabXXXXXX su[1219]: Successful su for XXXXXX by root
Jun 9 22:46:13 nnabXXXXXX su[1219]: + /dev/console root:XXXXXX
Jun 9 22:46:13 nnabXXXXXX su[1219]: pam_unix(su:session): session opened for user XXXXXX by (uid=0)
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_open_session failed [login:XXXXXX][error code: 2]
Jun 9 22:48:31 nnabXXXXXX su[1219]: pam_unix(su:session): session closed for user XXXXXX

Hence the decision to comment out references to "lsass" as this system also has "likewise" installed, and the following lines were commented out due to the "required" directive being somewhat suspicious (unsure if it was required previously, but regardless, commenting out these lines meant a successful login could take place):

# grep -1 lsass *
atd-session required pam_limits.so
atd:session sufficient pam_lsass.so
--
chfn-@include common-session
chfn:session sufficient pam_lsass.so
chfn-
--
chsh-@include common-session
chsh:session sufficient pam_lsass.so
chsh-
--
common-account-# Commented out by Simon Willgoss - 2010-06-09
common-account:#account required pam_lsass.so unknown_ok
common-account:#account sufficient pam_lsass.so
common-account-account requisite pam_deny.so
--
common-auth-# here's the fallback if no module succeeds
common-auth:# pam_lsass.so commented out by Simon Willgoss - 2010-06-09
common-auth:#auth sufficient pam_lsass.so try_first_pass
common-auth-auth requisite pam_deny.so
--
common-password-# Commented out by Simon Willgoss - 2010-06-09
common-password:#password sufficient pam_lsass.so try_first_pass use_authtok
common-password-password requisite pam_deny.so
########################################################################################

Commenting out these was the only successful change that permitted a login via gdm.
It appears, from all that I have seen, that updating to the package identified above has perhaps modified or brought about a change in the behaviour between pam and the lsass module.

# lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04

Full list of packages updated:
# cat /root/.synaptic/log/2010-06-09.111041.log
Commit Log for Wed Jun 9 11:10:41 2010

Upgraded the following packages:
brasero (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
brasero-common (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
gnome-panel (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
gnome-panel-data (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
libbrasero-media0 (2.30.0-0ubuntu1) to 2.30.1-0ubuntu2
libcairomm-1.0-1 (1.8.0-1build2) to 1.8.4-0ubuntu1
libgcr0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libgp11-0 (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpam-gnome-keyring (2.92.92.is.2.30.1-0ubuntu1) to 2.92.92.is.2.30.1-0ubuntu2
libpanel-applet2-0 (1:2.30.0-0ubuntu1) to 1:2.30.0-0ubuntu2
linux-headers-2.6.32-22 (2.6.32-22.33) to 2.6.32-22.36
linux-headers-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
linux-image-2.6.32-22-generic (2.6.32-22.33) to 2.6.32-22.36
linux-libc-dev (2.6.32-22.33) to 2.6.32-22.36
openoffice.org-base-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-calc (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-common (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-core (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-draw (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-emailmerge (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-gnome (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-gtk (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-impress (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-math (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-style-human (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
openoffice.org-writer (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
python-papyon (0.4.6-0ubuntu2) to 0.4.8-0ubuntu1
python-uno (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
rhythmbox (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
rhythmbox-plugin-cdrecorder (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
rhythmbox-plugins (0.12.8-0ubuntu5) to 0.12.8-0ubuntu6
telepathy-butterfly (0.5.8-1ubuntu1) to 0.5.9-0ubuntu1
ttf-opensymbol (1:3.2.0-7ubuntu4) to 1:3.2.0-7ubuntu4.1
tzdata (2010i-1) to 2010j-0ubuntu0.10.04
uno-libs3 (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
ure (1.6.0+OOo3.2.0-7ubuntu4) to 1.6.0+OOo3.2.0-7ubuntu4.1
xsane (0.996-2ubuntu2) to 0.996-2ubuntu3
xsane-common (0.996-2ubuntu2) to 0.996-2ubuntu3

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libpam-gnome-keyring 2.92.92.is.2.30.1-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Thu Jun 10 19:12:15 2010
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-keyring
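
The auth.log excerpts in the description use two different message formats (the Linux-PAM `module(service:phase)` style and the bracketed `[module:pam_lsass]` style). The following is an added triage example, not part of the original report or of any package it mentions; it normalises both formats so failures can be grouped by module and PAM phase. The function names, the failure keywords, and the use of the process name as the service for the bracketed lines are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the report above (host and user were already redacted there).
SAMPLE = """\
Jun 9 22:38:49 nnabXXXXXXX gdm-session-worker[1869]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "XXXXXX"
Jun 9 22:38:55 nnabXXXXXXX gdm-session-worker[1869]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=XXXXXX
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_acct_mgmt failed [login:XXXXXX][error code:2]
Jun 9 22:46:13 nnabXXXXXX su[1219]: Successful su for XXXXXX by root
Jun 9 22:46:13 nnabXXXXXX su[1219]: pam_unix(su:session): session opened for user XXXXXX by (uid=0)
Jun 9 22:46:13 nnabXXXXXX su[1219]: [module:pam_lsass]pam_sm_open_session failed [login:XXXXXX][error code: 2]
"""

# syslog prefix: month, day, time, host, process[pid]: message
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<proc>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Linux-PAM style: module(service:phase): text
STD = re.compile(r"^(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<text>.*)$")
# Bracketed style, as it appears in the pam_lsass lines of the report
LSASS = re.compile(r"^\[module:(?P<module>\w+)\](?P<hook>pam_sm_\w+) failed .*\[error code:\s*(?P<code>\d+)\]$")
# Standard PAM service-module entry points mapped to their management group
HOOK_PHASE = {
    "pam_sm_authenticate": "auth", "pam_sm_setcred": "auth",
    "pam_sm_acct_mgmt": "account", "pam_sm_chauthtok": "password",
    "pam_sm_open_session": "session", "pam_sm_close_session": "session",
}
FAIL_WORDS = ("authentication failure", "not met by", "failed")  # assumed keywords

def parse(line):
    """Return a normalised PAM event dict, or None for non-PAM-module lines."""
    m = PREFIX.match(line)
    if not m:
        return None
    proc, msg = m["proc"], m["msg"]
    if s := STD.match(msg):
        failed = any(w in s["text"] for w in FAIL_WORDS)
        return {"module": s["module"], "service": s["service"],
                "phase": s["phase"], "failed": failed, "code": None}
    if b := LSASS.match(msg):
        # The bracketed format has no service field; the process name stands in for it.
        return {"module": b["module"], "service": proc, "failed": True,
                "phase": HOOK_PHASE.get(b["hook"], "unknown"), "code": int(b["code"])}
    return None

def failures_by_module_phase(text):
    """Count failed events per (module, phase) pair."""
    events = (parse(line) for line in text.splitlines())
    return dict(Counter((e["module"], e["phase"]) for e in events if e and e["failed"]))
```

Run over the sample, this separates the pam_unix failure in the auth phase from the pam_lsass failures in the account and session phases, which are the phases touched by the lines commented out in common-account and the per-service session entries.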

Simon Willgoss (swillgoss) wrote :
Changed in gnome-keyring (Ubuntu):
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :

Is that still an issue?

Simon Willgoss (swillgoss) wrote :

Yes. I have implemented a work-around (which was successful), but couldn't resolve the issue with Likewise and pam.

dino99 (9d9) wrote :

This version has expired now

Changed in gnome-keyring (Ubuntu):
status: New → Invalid