unable to retype login details on lightdm-gtk-greeter with userlist disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lightdm-gtk-greeter (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
Its impossible to retype the login details if a mistake during login on lightdm with userlist disabled. I noticed this problem on Xubuntu 12.04.
This bug can be reproduced always. I noticed it while trying to setup a laptop image for my institute. We disabled the userlist for lightdm for security purpose so that users would have to manually type in their username. I noticed that if I made a mistake while typing the user credentials (whether in the password or username) the lightdm gives me the username/password incorrect error but it does not provide me the username dialog box so that I can start all over again. What I get instead is a message that asks me to retype the password (which should not be the case because sometimes the mistake was in the username not the password)
When this happens the best way to login is either to switch to console mode and restart lightdm, or to reboot the computer completely. I think this is a major bug which will affect many people who use Ubuntu (or in my case xubuntu) in enterprise.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.1-0ubuntu1.1
ProcVersionSign
Uname: Linux 3.2.0-30-generic i686
ApportVersion: 2.0.1-0ubuntu12
Architecture: i386
Date: Thu Sep 13 08:33:50 2012
InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
affects: | lightdm (Ubuntu) → lightdm-gtk-greeter (Ubuntu) |
Changed in lightdm-gtk-greeter (Ubuntu): | |
importance: | Undecided → Medium |
status: | Expired → Triaged |
summary: |
- unable to retype login details on lightdm with userlist disabled + unable to retype login details on lightdm-gtk-greeter with userlist + disabled |
Just want to add that if I typed the right username and only make a mistake in typing the password. The lightdm greeter gives an incorrect password message and continues to give this error until the right password is given. I think this is a serious security flaw. A username should be part of the security of a user, hence it is not ideal for the login manager to give any intruder an idea that the right username has been entered. The normal way is to give a username or password may be incorrect error message and then reset the login screen to allow the user re-enter the login details.
I have added an image to better explain the issue