Ubuntu
libpam-unix2 package

problems with libpam-unix2 and gnome-screensaver

Bug #82518 reported by PatRiehecky
24
Affects Status Importance Assigned to Milestone
libpam-unix2 (Ubuntu)
Fix Released
Undecided
Unassigned
Nominated for Gutsy by Daniel Stränger
Nominated for Hardy by Daniel Stränger

Bug Description

Binary package hint: libpam-unix2

Followed guide in http://ubuntuforums.org/showthread.php?t=300208 and was able to login and out fine, but when the screensaver password kicked in I was unable to log back in.

See debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295526 the listed ideas of suid various binaries did not work for me, any ideas to get this up and working?

Revision history for this message
Jack Lecou (jackl) wrote : Merge upstream unix2_chkpwd

I have the same problem with libpam-unix2 1.25-1.1 and gnome-screensaver 2.17.7-0ubuntu2.

The problem is exactly as described in Debian #295526 above: gnome-screensaver drops any privileges it has by the time it calls into PAM, but pam_unix2 needs to read the hash from the shadow file.

The regular pam_unix module calls unix_chkpwd when it discovers this situation. The same solution should work with pam_unix2. If the security implications of this approach are acceptable in pam_unix, they should be here as well.

Revision history for this message
Daniel Stränger (schmaller) wrote :

I've discovered an updated source package of libpam_unix2 in intrepid, which addresses exactly this issue.
I put a build of that in my PPA (https://launchpad.net/~schmaller/+archive) and it works for me:
I can now unlock my user in gnome-screensaver.
ATN: I did not inspect the source changes, so I can not make any assertion about security. But it looks like this version will be part of the upcoming ubuntu release.

Daniel Stränger (schmaller)
Changed in libpam-unix2:
status: New → Confirmed
Revision history for this message
Luca Falavigna (dktrkranz) wrote :

This should be fixed in Intrepid with 2.5.0-1, so unsubscribing u-u-s for now. If you want this fix to be present in Hardy and Gutsy, please follow https://wiki.ubuntu.com/StableReleaseUpdates and subscribe motu-sru, thanks.

Changed in libpam-unix2:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.