2014-03-23 12:51:25 |
Brian Knoll |
bug |
|
|
added bug |
2014-03-23 13:01:58 |
Brian Knoll |
bug |
|
|
added subscriber Russ Allbery |
2014-03-23 13:02:42 |
Brian Knoll |
bug |
|
|
added subscriber Light-Locker Devs |
2014-03-23 13:03:38 |
Brian Knoll |
bug |
|
|
added subscriber Light Locker Settings Team |
2014-03-23 13:27:36 |
Sean Davis |
bug task added |
|
lightdm (Ubuntu) |
|
2014-03-23 13:28:00 |
Sean Davis |
bug |
|
|
added subscriber Robert Ancell |
2014-03-23 22:39:30 |
Robert Ancell |
lightdm (Ubuntu): status |
New |
Triaged |
|
2014-03-23 22:39:32 |
Robert Ancell |
lightdm (Ubuntu): importance |
Undecided |
Medium |
|
2014-03-23 22:39:37 |
Robert Ancell |
lightdm (Ubuntu): importance |
Medium |
High |
|
2014-03-23 22:39:51 |
Robert Ancell |
bug task added |
|
lightdm |
|
2014-03-23 22:39:58 |
Robert Ancell |
lightdm: status |
New |
Triaged |
|
2014-03-23 22:40:00 |
Robert Ancell |
lightdm: importance |
Undecided |
High |
|
2014-03-23 22:40:03 |
Robert Ancell |
bug task deleted |
light-locker (Ubuntu) |
|
|
2014-03-23 22:40:18 |
Robert Ancell |
summary |
light-locker fails to properly renew kerberos tickets with pam-krb5 |
Unlocking with greeter fails to properly renew kerberos tickets with pam-krb5 |
|
2014-03-23 22:41:47 |
Launchpad Janitor |
branch linked |
|
lp:~robert-ancell/lightdm/setcred-on-unlock |
|
2014-04-08 05:02:14 |
Robert Ancell |
nominated for series |
|
lightdm/1.10 |
|
2014-04-08 05:02:14 |
Robert Ancell |
bug task added |
|
lightdm/1.10 |
|
2014-04-08 05:02:28 |
Robert Ancell |
lightdm/1.10: status |
New |
Triaged |
|
2014-04-08 05:02:31 |
Robert Ancell |
lightdm/1.10: importance |
Undecided |
High |
|
2014-04-08 05:02:33 |
Robert Ancell |
lightdm: importance |
High |
Medium |
|
2014-04-08 05:02:35 |
Robert Ancell |
lightdm: status |
Triaged |
Fix Committed |
|
2014-04-27 12:39:06 |
Oliver Brakmann |
bug |
|
|
added subscriber Oliver Brakmann |
2014-04-27 21:57:34 |
Robert Ancell |
lightdm/1.10: status |
Triaged |
Fix Committed |
|
2014-04-27 21:57:37 |
Robert Ancell |
lightdm: status |
Fix Committed |
Fix Released |
|
2014-04-27 21:57:39 |
Robert Ancell |
lightdm (Ubuntu): status |
Triaged |
In Progress |
|
2014-04-27 21:57:41 |
Robert Ancell |
lightdm (Ubuntu): assignee |
|
Robert Ancell (robert-ancell) |
|
2014-04-27 21:57:44 |
Robert Ancell |
lightdm/1.10: assignee |
|
Robert Ancell (robert-ancell) |
|
2014-04-27 21:57:46 |
Robert Ancell |
lightdm: assignee |
|
Robert Ancell (robert-ancell) |
|
2014-04-27 21:58:03 |
Robert Ancell |
nominated for series |
|
Ubuntu Trusty |
|
2014-04-27 21:58:03 |
Robert Ancell |
bug task added |
|
lightdm (Ubuntu Trusty) |
|
2014-04-27 21:58:21 |
Robert Ancell |
lightdm (Ubuntu Trusty): importance |
Undecided |
High |
|
2014-04-27 21:58:21 |
Robert Ancell |
lightdm (Ubuntu Trusty): status |
New |
In Progress |
|
2014-04-27 21:58:21 |
Robert Ancell |
lightdm (Ubuntu Trusty): assignee |
|
Robert Ancell (robert-ancell) |
|
2014-04-27 21:58:32 |
Robert Ancell |
lightdm (Ubuntu): status |
In Progress |
Fix Released |
|
2014-04-27 21:58:54 |
Robert Ancell |
lightdm (Ubuntu): status |
Fix Released |
Fix Committed |
|
2014-04-27 21:59:01 |
Robert Ancell |
lightdm (Ubuntu): status |
Fix Committed |
In Progress |
|
2014-04-27 22:19:17 |
Robert Ancell |
branch linked |
|
lp:~robert-ancell/lightdm/setcred-on-unlock-1.10 |
|
2014-04-27 22:27:17 |
Robert Ancell |
description |
I am using the pam-krb5 module to log into a Kerberos realm using lightdm. This works the initial time I log in, when I come in through lightdm. However, once I am logged in, and I lock the screen using light-locker, when I unlock the screen I no longer get renewed tickets.
The problem seems to be this:
-rw------- 1 me me 504 Mar 23 08:37 krb5cc_1000_sjkfhagfg
-rw------- 1 root root 504 Mar 23 08:38 krb5cc_pam_lsdkjhfsdk
So what is happening is that on the initial login, I get a valid ticket cache, owned by my logging-in user, and showing my UID in the file name. This ticket works fine. However, once I lock the screen and then unlock it, I get a ticket cache owned by root, with "_pam_" in the filename, and of course I can't use it because I am not logged in as root.
This problem did not occur in 12.04 LTS, probably because it did not use light-locker. The pam-krb5 module works in all other cases in my installations, so I do not believe this is any kind of problem with the pam_krb5 module.
Thanks,
Brian
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.2.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-18.38-generic 3.13.6
Uname: Linux 3.13.0-18-generic x86_64
ApportVersion: 2.13.3-0ubuntu1
Architecture: amd64
Date: Sun Mar 23 08:40:38 2014
InstallationDate: Installed on 2014-03-22 (0 days ago)
InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140320)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
Aborted PAM authentications may leave artifacts behind. This is due to LightDM not correctly calling pam_end on these.
Authenticating via a LightDM greeter does not refresh PAM credentials.
[Test Case]
1. Lock screen using LightDM greeter
2. Enter password to return to session
Expected result:
Screen is unlocked, credentials are refreshed.
Observed result:
Screen is unlocked, artifacts are left behind from PAM authentication, credentials not refreshed.
[Regression Potential]
Since this change affects the PAM handling, other PAM modules might potentially have a change in behaviour. This seems low risk as both changes are correct behaviour over the previously incorrect behaviour.
I am using the pam-krb5 module to log into a Kerberos realm using lightdm. This works the initial time I log in, when I come in through lightdm. However, once I am logged in, and I lock the screen using light-locker, when I unlock the screen I no longer get renewed tickets.
The problem seems to be this:
-rw------- 1 me me 504 Mar 23 08:37 krb5cc_1000_sjkfhagfg
-rw------- 1 root root 504 Mar 23 08:38 krb5cc_pam_lsdkjhfsdk
So what is happening is that on the initial login, I get a valid ticket cache, owned by my logging-in user, and showing my UID in the file name. This ticket works fine. However, once I lock the screen and then unlock it, I get a ticket cache owned by root, with "_pam_" in the filename, and of course I can't use it because I am not logged in as root.
This problem did not occur in 12.04 LTS, probably because it did not use light-locker. The pam-krb5 module works in all other cases in my installations, so I do not believe this is any kind of problem with the pam_krb5 module.
Thanks,
Brian
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: light-locker 1.2.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-18.38-generic 3.13.6
Uname: Linux 3.13.0-18-generic x86_64
ApportVersion: 2.13.3-0ubuntu1
Architecture: amd64
Date: Sun Mar 23 08:40:38 2014
InstallationDate: Installed on 2014-03-22 (0 days ago)
InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140320)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: light-locker
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2014-04-27 22:52:01 |
Robert Ancell |
lightdm: milestone |
|
1.11.0 |
|
2014-04-27 22:52:07 |
Robert Ancell |
lightdm/1.10: milestone |
|
1.10.1 |
|
2014-04-27 22:52:10 |
Robert Ancell |
lightdm/1.10: status |
Fix Committed |
Fix Released |
|
2014-04-27 23:58:43 |
Launchpad Janitor |
lightdm (Ubuntu): status |
In Progress |
Fix Released |
|
2014-04-29 18:40:27 |
Brian Murray |
lightdm (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2014-04-29 18:40:30 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2014-04-29 18:40:32 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2014-04-29 18:40:34 |
Brian Murray |
tags |
amd64 apport-bug trusty |
amd64 apport-bug trusty verification-needed |
|
2014-05-06 06:28:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/lightdm |
|
2014-05-06 06:28:35 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/utopic-proposed/lightdm |
|
2014-05-09 05:54:30 |
Oliver Brakmann |
tags |
amd64 apport-bug trusty verification-needed |
amd64 apport-bug trusty verification-done |
|
2014-05-12 05:18:02 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2014-05-12 05:23:11 |
Launchpad Janitor |
lightdm (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2014-05-13 02:03:54 |
Brian Knoll |
lightdm: status |
Fix Released |
New |
|
2014-05-13 02:03:58 |
Brian Knoll |
lightdm/1.10: status |
Fix Released |
New |
|
2014-05-13 02:04:04 |
Brian Knoll |
lightdm (Ubuntu): status |
Fix Released |
New |
|
2014-05-13 02:04:08 |
Brian Knoll |
lightdm (Ubuntu Trusty): status |
Fix Released |
New |
|
2014-05-13 03:23:44 |
Robert Ancell |
lightdm: status |
New |
Fix Released |
|
2014-05-13 03:23:56 |
Robert Ancell |
lightdm/1.10: status |
New |
Fix Released |
|
2014-05-13 03:24:00 |
Robert Ancell |
lightdm (Ubuntu): status |
New |
Fix Released |
|
2014-05-13 03:24:05 |
Robert Ancell |
lightdm (Ubuntu Trusty): status |
New |
Fix Released |
|