Light Display Manager

No confirmation of ongoing authentication process

Bug #850761 reported by Roman Yepishev
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Light Display Manager
Incomplete
Low
Unassigned

Bug Description

In case authentication takes some time (e.g. kerberos server being unavailable and fallback to local unix account has not yet tried) the login process looks as follows:
1. user selects the account
2. password field appears, prompting for password
3. user enters the password
4. password field is emptied, again prompting for password.

At this time it is possible that the user will try to make several more attempts before the response from the low level received allowing the login. GDM was disabling the UI while waiting for authentication response to signal that the machine has understood the request and is doing something. In this case it is not clear whether anything has actually happened.

The same can be seen during local auth only - upon pressing Enter the password field is cleared and the blinking cursor appears for a second, this also will be a problem with encrypted home directories on slower machines since mounting the encrypted directory takes time.

Revision history for this message
Robert Ancell (robert-ancell) wrote :

Do you know what greeter and version you are using? This should be fixed in both the GTK greeter and Unity Greeter (the password entry goes insensitive after entry).

Changed in lightdm:
status: New → Incomplete
importance: Undecided → Low
Revision history for this message
ghomem (gustavo) wrote :

This affects with KDE Greeter, for example.

The problem can be understood from this log:

[+392.27s] DEBUG: Greeter start authentication for XXXXX
[+392.28s] DEBUG: Started session 3582 with service 'lightdm', username 'XXXX'
[+392.30s] DEBUG: Session 3582 got 1 message(s) from PAM
[+392.30s] DEBUG: Prompt greeter with 1 message(s)
[+392.31s] DEBUG: Continue authentication

A DELAY WHILE THE WHOLE PACK STACK IS EXECUTED - GREETER WIDGETS ARE **NOT** BLOCKED / INSENSITIVE

[+408.31s] DEBUG: Session 3582 authentication complete with return value 0: Success
[+408.31s] DEBUG: Authenticate result for user XXXX: Success
[+408.33s] DEBUG: User XXXX authorized

This means that the greeter is not handling properly the time between authentication starting and the authentication result. This is a problem for users of LDAP, Winbind, Kerberos, pam_script, etc.

Tested with lightdm 1.2.1-0ubuntu1.1, on Ubuntu Precise.

Do you know where to start patching this?

Revision history for this message
ghomem (gustavo) wrote :

s/PACK STACK/PAM STACK

Revision history for this message
ghomem (gustavo) wrote :

Additional info:

KDM -> same problem as LightDM
GDM -> done right (password field insensitive + busy cursor)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.