2015-07-21 01:51:55 |
V字龍(Vdragon) |
description |
It is possible that user may log out in a live session(e.g. changing system language, install VirtualBox guest additions), however there's two issue that cause once user logs out they can't easily login:
1. The "ubuntu" live session user is not directly listed in lightdm and needs user to manually input the username(which I believe is challenging new users)
2. The "ubuntu" live session user is default "magic_blank" password(e.g. The crypt(3) hash in the /etc/shadow password field is typically ""(empty string)), however PAM refuses to let "ubuntu" user login unless "ubuntu" user is in "nopasswdlogin" group.
Refer /var/log/auth.log(full file attached to the report):
`````
Jul 21 01:34:41 ubuntu lightdm: pam_unix(lightdm-autologin:session): session closed for user ubuntu
Jul 21 01:34:42 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:42 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:42 ubuntu lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Jul 21 01:34:42 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:42 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:47 ubuntu lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "ubuntu"
Jul 21 01:34:50 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=ubuntu
Jul 21 01:34:52 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:52 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:53 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:53 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:34:56 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:56 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:56 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:56 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:34:58 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:58 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:59 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:59 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:35:01 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:35:01 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:40 ubuntu gpasswd[18446]: ubuntu failed to add user ubuntu to group nopasswdlogin: Permission denied
Jul 21 01:36:42 ubuntu sudo: ubuntu : TTY=tty1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/gpasswd --add ubuntu nopasswdlogin
Jul 21 01:36:42 ubuntu sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
Jul 21 01:36:42 ubuntu gpasswd[18448]: user ubuntu added by root to group nopasswdlogin
Jul 21 01:36:42 ubuntu sudo: pam_unix(sudo:session): session closed for user root
Jul 21 01:36:45 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:36:45 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:36:47 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:36:47 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:48 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:36:48 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:36:51 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:36:51 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:52 ubuntu lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" was met by user "ubuntu"
Jul 21 01:36:52 ubuntu lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jul 21 01:36:52 ubuntu lightdm: pam_unix(lightdm:session): session opened for user ubuntu by (uid=0)
````` |
It is possible that user may log out in a live session(e.g. changing system language, install VirtualBox guest additions), however there's two issue that cause once user logs out they can't easily login:
1. The "ubuntu" live session user is not directly listed in lightdm and needs user to manually input the username(which I believe is challenging to new users), I suspect this issue is cause by the UID of "ubuntu" user is 999(<1000)
2. The "ubuntu" live session user is default "magic_blank" password(e.g. The crypt(3) hash in the /etc/shadow password field is typically ""(empty string)), however PAM refuses to let "ubuntu" user login unless "ubuntu" user is in "nopasswdlogin" group.
Refer /var/log/auth.log(full file attached to the report):
`````
Jul 21 01:34:41 ubuntu lightdm: pam_unix(lightdm-autologin:session): session closed for user ubuntu
Jul 21 01:34:42 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:42 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:42 ubuntu lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Jul 21 01:34:42 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:42 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:47 ubuntu lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "ubuntu"
Jul 21 01:34:50 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=ubuntu
Jul 21 01:34:52 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:52 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:53 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:53 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:34:56 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:56 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:56 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:56 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:34:58 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:34:58 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:34:59 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:34:59 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:35:01 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:35:01 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:40 ubuntu gpasswd[18446]: ubuntu failed to add user ubuntu to group nopasswdlogin: Permission denied
Jul 21 01:36:42 ubuntu sudo: ubuntu : TTY=tty1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/gpasswd --add ubuntu nopasswdlogin
Jul 21 01:36:42 ubuntu sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
Jul 21 01:36:42 ubuntu gpasswd[18448]: user ubuntu added by root to group nopasswdlogin
Jul 21 01:36:42 ubuntu sudo: pam_unix(sudo:session): session closed for user root
Jul 21 01:36:45 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:36:45 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:36:47 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:36:47 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:48 ubuntu lightdm: pam_unix(lightdm:auth): check pass; user unknown
Jul 21 01:36:48 ubuntu lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jul 21 01:36:51 ubuntu lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Jul 21 01:36:51 ubuntu lightdm: PAM adding faulty module: pam_kwallet.so
Jul 21 01:36:52 ubuntu lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" was met by user "ubuntu"
Jul 21 01:36:52 ubuntu lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jul 21 01:36:52 ubuntu lightdm: pam_unix(lightdm:session): session opened for user ubuntu by (uid=0)
````` |
|