Ubuntu
gdm package

Login is not possible in gdm when the user password is in expiration period

Bug #613371 reported by renbag
62
This bug affects 11 people
Affects Status Importance Assigned to Milestone
gdm (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: gdm

Login is not possible in gdm when the user password is in expiration period

With an up-to-date maverick system, integrated in an Active Directory network, the login of domain users with gdm is not possible when the password is in the expiration period.
After the insertion of the password, the gdm screen freezes, showing a warning about the future password expiration (see screenshot). The same user can instead login using the console.
Local users and domain users, whose password are not in expiration period, can login normally.
The AD integration of the system was done with winbind and PAM modules.

gdm 2.30.2.is.2.30.2-0ubuntu3
libpam0g 1.1.1-3ubuntu3
libpam-krb5 4.2-1

Some log files are reported below.

See original description
Revision history for this message
renbag (renbag) wrote :
Revision history for this message
renbag (renbag) wrote :
Revision history for this message
renbag (renbag) wrote :
Revision history for this message
renbag (renbag) wrote :
renbag (renbag)
summary: - Login is not possible in gdm when the user password is in pre-expiration
+ Login is not possible in gdm when the user password is in expiration
period
description: updated
Sebastien Bacher (seb128)
Changed in gdm (Ubuntu):
importance: Undecided → Low
Revision history for this message
renbag (renbag) wrote :

This bug has been confirmed by two other people in the comments from bug 114620:
https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620/comments/13
https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620/comments/14

Changed in gdm (Ubuntu):
status: New → Confirmed
Revision history for this message
renbag (renbag) wrote :

Additional informations from auth.log

Domain user login with password in expiration period (GDM freezes at this point):

Jan 21 10:13:22 pc000020 gdm-session-worker[1669]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "rbxxxx20"
Jan 21 10:13:22 pc000020 gdm-session-worker[1669]: pam_winbind(gdm:auth): getting password (0x00000380)
Jan 21 10:13:26 pc000020 gdm-session-worker[1669]: pam_winbind(gdm:auth): user 'rbxxxx20' granted access
Jan 21 10:13:33 pc000020 login[1734]: pam_winbind(login:auth): getting password (0x00000380)
Jan 21 10:13:38 pc000020 login[1734]: pam_winbind(login:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jan 21 10:13:38 pc000020 login[1734]: pam_winbind(login:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND

Local user (no password expiration):

Jan 21 10:13:38 pc000020 login[1734]: pam_unix(login:session): session opened for user rbag by LOGIN(uid=0)
Jan 21 10:13:42 pc000020 sudo: rbag : TTY=tty1 ; PWD=/home/rbag ; USER=root ; COMMAND=/bin/bash
Jan 21 10:13:42 pc000020 sudo: pam_unix(sudo:session): session opened for user root by rbag(uid=0)
Jan 21 10:13:42 pc000020 sudo: pam_unix(sudo:session): session closed for user root

Login of the domain user from the console and change of the password:

Jan 21 10:14:29 pc000020 login[1283]: pam_winbind(login:auth): getting password (0x00000380)
Jan 21 10:14:33 pc000020 login[1283]: pam_winbind(login:auth): user 'rbxxxx20' granted access
Jan 21 10:14:33 pc000020 login[1283]: pam_winbind(login:account): user 'rbxxxx20' granted access
Jan 21 10:14:33 pc000020 login[1283]: pam_unix(login:session): session opened for user rbxxxx20 by LOGIN(uid=0)
Jan 21 10:15:09 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): getting password (0x00000020)
Jan 21 10:15:14 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): user 'rbxxxx20' granted access
Jan 21 10:15:14 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): getting password (0x00000000)
Jan 21 10:15:23 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): user 'rbxxxx20' OK
Jan 21 10:15:23 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): user 'rbxxxx20' password changed
Jan 21 10:15:23 pc000020 passwd[2253]: pam_winbind(passwd:chauthtok): user 'rbxxxx20' granted access

Login of the domain user from gdm with a new password:

Jan 21 10:15:45 pc000020 gdm-session-worker[2309]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "rbxxxx20"
Jan 21 10:15:45 pc000020 gdm-session-worker[2309]: pam_winbind(gdm:auth): getting password (0x00000380)
Jan 21 10:15:49 pc000020 gdm-session-worker[2309]: pam_winbind(gdm:auth): user 'rbxxxx20' granted access
Jan 21 10:15:49 pc000020 gdm-session-worker[2309]: pam_winbind(gdm:account): user 'rbxxxx20' granted access
Jan 21 10:15:49 pc000020 gdm-session-worker[2309]: pam_unix(gdm:session): session opened for user rbxxxx20 by (uid=0)

Revision history for this message
Gavin McG (gavin-ubuntubugs) wrote :

Hi, is it possible to raise the importance of this? It affects a few people in our building and is preventing a larger move away from Windows, I would say mark it as Highly Important as it's unusable in it's current state.

Revision history for this message
sz gy (gyszabolcs) wrote :

I face the same issue please somebody look at it and try to fix. Thank you!

Revision history for this message
sz gy (gyszabolcs) wrote :
Download full text (7.5 KiB)

Aug 17 16:30:20 gyszabolcs gdm-session-worker[10761]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
Aug 17 16:30:28 gyszabolcs gdm[10778]: ******************* START **********************************
Aug 17 16:30:28 gyszabolcs gdm[10778]: [Thread debugging using libthread_db enabled]
Aug 17 16:30:28 gyszabolcs gdm[10778]: 0xb788f424 in __kernel_vsyscall ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #0 0xb788f424 in __kernel_vsyscall ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #1 0xb76b3443 in __waitpid_nocancel () from /lib/i386-linux-gnu/libpthread.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #2 0x08056fc9 in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #3 0x08057091 in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #4 <signal handler called>
Aug 17 16:30:28 gyszabolcs gdm[10778]: #5 0xb788f424 in __kernel_vsyscall ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #6 0xb7322e71 in raise () from /lib/i386-linux-gnu/libc.so.6
Aug 17 16:30:28 gyszabolcs gdm[10778]: #7 0xb732634e in abort () from /lib/i386-linux-gnu/libc.so.6
Aug 17 16:30:28 gyszabolcs gdm[10778]: #8 0xb74c13a0 in g_assertion_message () from /lib/i386-linux-gnu/libglib-2.0.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #9 0x0804f6e0 in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #10 0xb6e3a1c1 in ?? () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #11 0xb6e3a236 in ?? () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #12 0xb6e3b2fe in ?? () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #13 0xb6e3b4a8 in ?? () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #14 0xb6e3c299 in ?? () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #15 0xb6e3ca63 in pam_sm_authenticate () from /lib/security/pam_winbind.so
Aug 17 16:30:28 gyszabolcs gdm[10778]: #16 0xb7750238 in ?? () from /lib/i386-linux-gnu/libpam.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #17 0xb774f9ed in pam_authenticate () from /lib/i386-linux-gnu/libpam.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #18 0x08051a92 in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #19 0xb7495311 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #20 0xb7499aa8 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #21 0xb749a270 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #22 0xb749a92b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
Aug 17 16:30:28 gyszabolcs gdm[10778]: #23 0x0804c35e in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: #24 0xb730ee37 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
Aug 17 16:30:28 gyszabolcs gdm[10778]: #25 0x0804bf21 in ?? ()
Aug 17 16:30:28 gyszabolcs gdm[10778]:
Aug 17 16:30:28 gyszabolcs gdm[10778]: Thread 1 (Thread 0xb71fc720 (LWP 10761)):
Aug 17 16:30:28 gyszabolcs gdm[10778]: #0 0xb788f424 in __kernel_vsyscall ()
Aug 17 16:30:28 gyszabolcs gdm[10778]: No symbol table info available.
Aug 17 16:30:28 gyszabolcs gdm[10778]: #1 0xb76b3443 in __waitpid_nocancel () from /lib/i386-linux...

Read more...

Revision history for this message
Olivier Diotte (vhann3000) wrote :

This bug is still current. GDM still freezes when the Kerberos password is expired.

Seeing as how this bug has been opened about 6 months after the last response was posted here: https://bugzilla.redhat.com/show_bug.cgi?id=509092 I am unsure whether it is relevant or not.

For the record, lightdm doesn't work either (in Precise) when the password is expired. KDM v3 on Debian Squeeze also has a problem (it tells the user the password is expired, but lets them login and won't prompt for a password change).

Revision history for this message
renbag (renbag) wrote :

The bug report for lightdm is: #856269.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.