Using pam_group results in: pam_group(lightdm:setcred): unable to set the group membership for user: operation not permitted
Bug #880104 reported by
david.barbion
This bug affects 13 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Light Display Manager |
Fix Released
|
Medium
|
Unassigned | ||
lightdm (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
I have configured many computers to authenticate through a openldap server. To be able to be admin in each computer, I use pam_group feature to select additional groups for user. (/etc/security/
Login directly on the console give me good group membership (the one defined in group.conf), but login from lightdm results in an error message in auth.local:
pam_group(
Of course, the group membership is not set as it should.
tags: | added: css-sponsored-p rls-mgr-p-tracking |
Changed in lightdm: | |
status: | New → Confirmed |
Changed in lightdm (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
tags: | added: rls-p-tracking |
tags: | removed: rls-p-tracking |
Changed in lightdm: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I am using Oneiric (11.10). I am setting up desktop computers to use MIT Kerberos for authentication, and OpenLDAP to provide the system with user account information. Like the original poster, I have been experiencing group membership problems when logging in via LightDM, but not from the console. I tested the same against a local machine user account. In /etc/group.conf, I set up group membership for the local account's local group to another local group (I used irc -- GID 39). The pam_group module works properly when logging into a console (irc shows up as a group when executing groups and id), but it does not work when logging in via LightDM.
Just to make sure I had covered all of my bases, I installed GDM and tried to duplicate the problem with group membership. The problem did not exist in GDM like it does in LightDM. I even tried KDM, XDM, and WDM, with each working properly. It would appear that LightDM needs to be updated to work properly with pam_group. For now, I will use GDM.