pam_group not working at all

Bug #851347 reported by david.barbion on 2011-09-15
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Light Display Manager
lightdm (Ubuntu)

Bug Description


I have configured my computers to authenticate on a central LDAP server. For setting additional group membership, I have added to auth pam module.
When I log in with lightdm, no additional groups are added whereas it works with GDM.

pam_group is added to /etc/pam/common-auth module.


david.barbion (david-barbion) wrote :
david.barbion (david-barbion) wrote :
Changed in lightdm:
importance: Undecided → Medium
Changed in lightdm (Ubuntu):
importance: Undecided → Medium
Changed in lightdm:
status: New → Triaged
Changed in lightdm (Ubuntu):
status: New → Triaged
Robert Ancell (robert-ancell) wrote :

Fixed in 0.9.8

Changed in lightdm:
status: Triaged → Fix Committed
Changed in lightdm (Ubuntu):
status: Triaged → Fix Committed
Changed in lightdm:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.0.0-0ubuntu1

lightdm (1.0.0-0ubuntu1) oneiric; urgency=low

  [ Steve Langasek ]
  * don't start on graphics-device-added; reintroducing this reverted the fix
    for bug #615549 from maverick without explanation.
  * clean up the completely illegible start rule for debian/lightdm.upstart,
    killing off the unnecessary parentheses
  * debian/lightdm.upstart: when lightdm is shut down by a runlevel call,
    emit an upstart event that can be caught by plymouth so it can
    distinguish between the DM shutting down for a runlevel change vs. other
    causes. LP: #854329.

  [ Robert Ancell ]
  * New upstream release.
    [ 0.9.8 ]
    - GetSeatForCookie and GetSessionForCookie are now deprecated. They
      remain for now but use the XDG_SEAT_PATH and XDG_SESSION_PATH
      environment variables instead.
    - Change log filenames to be unique across different display types.
    - Fix up script hooks, add regression tests for them
    - Complete removal of X code from the core of LightDM, so it can better
      support various display types
    - Add ability to set the language of a user from the greeter (LP: #803858)
    - Set LANG variable based on the user language
    - Add language selector into GTK greeter (disabled by default)
    - Allow TCP/IP connections if xserver-allow-tcp is true
    - Allow lightdm --version to be run as non-root
    - Automatically respond to PAM messages without prompts (LP: #783598)
    - Create 'AddLocalXSeat' D-Bus method, and require root to use 'AddSeat'
    - Fix multi-seat configuration picking the same display number (LP: #851362)
    - Use correct D-Bus and power interface in liblightdm-qt (LP: #852803)
    - Run pam_setcred inside the session process so pam_group works
      (LP: #851347)
    - Make sure one session is always selected in the GTK greeter (LP: #819177)
    [ 1.0.0 ]
    - Explicitly grab keyboard focus in GTK greeter
    - Fix removed power and a11y menu items in GTK greeter
    - Put system binary directory into path when running in test mode
      (LP: #860003)
    - Call pam_getenvlist after pam_setcred

  [ Lionel Le Folgoc ]
  * Make the gtk greeter easily themable by derivatives: (LP: #845549)
    - rename lightdm-gtk-greeter.conf to lightdm-gtk-greeter-ubuntu.conf,
      and handle the move in maintainer scripts.
    - manage /etc/lightdm/lightdm-gtk-greeter.conf with update-alternatives,
      by default it uses /etc/lightdm/lightdm-gtk-greeter-ubuntu.conf with a
      very low priority.
  * debian/control: lightdm-gtk-greeter provides lightdm-gtk-greeter-config.
 -- Robert Ancell <email address hidden> Wed, 28 Sep 2011 16:00:20 +1000

Changed in lightdm (Ubuntu):
status: Fix Committed → Fix Released
renbag (renbag) wrote :

With regard to Bug #856269 , which is marked as duplicate of this one, I have found that when the password of a domain user is expired, lightdm still does not present the correct steps to change the password.
Here is what happens (lightdm messages are inside ""):

1 - "" --> ******** (first enter expired password);
2 - "(current) NT password" --> ******** (expired password)
3 - "Retype new NT password" --> ******** (new password)
4 - "Invalid password, please try again"

There is a step missing between 2 and 3, and it should be "Enter new NT password".
Also lightdm should display, before step 2, a message saying that the password is expired and need to be changed.

Using su in a text console to login, the correct password changing dialog is presented:

renzo@vmo-amb20:~$ su rbag
You need to change your password now
Changing password for rbag
(current) NT password:
Enter new NT password:
Retype new NT password:

Should I report a new bug?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers