--- Begin Message ---
Package: libpam-mklocaluser
Version: 0.7
Severity: serious
Tags: patch
User: debian-edu@lists.debian.org
Usertags: debian-edu
Yesterday it was brought to my attention that the roaming workstation
(aka laptop) profile in Debian Edu did not work in Wheezy. Its design
is that the first time a user log in when the machine is connected to
the school network, a local user is created for the given user, and that
user can then log in on the laptop also when the machine is outside the
school network.
When trying this with the packages in wheezy, the user is not able to
log in and is thrown out when entering username and password in kdm.
This is the relevant entries in /var/log/auth.log when trying:
May 4 12:59:54 testhost kdm: :0[19878]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser
May 4 12:59:55 testhost kdm: :0[19878]: pam_sss(kdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser
May 4 12:59:55 testhost kdm: :0[19878]: pam_unix(kdm:session): session opened for user testuser by (uid=0)
May 4 12:59:55 testhost pam_mklocaluser[19878]: Creating local passwd entry uid=1000(testuser) gid=1000(testuser) gecos='Petter Reinholdtsen' home=/home/testuser
May 4 12:59:55 testhost pam_mklocaluser[19878]: Unexpected exception, should never happen: must be string, not exceptions.AttributeError
May 4 12:59:55 testhost pam_mklocaluser[19878]: pam_ck_connector(kdm:session): nox11 mode, ignoring PAM_TTY :0
May 4 12:59:55 testhost kdm: :0[19878]: pam_unix(kdm:session): session closed for user testuser
I tracked down the cause, and it is triggered by changes to some python
library, possibly the subprocess library. The following patch solve the
problem:
--- /usr/lib/libpam-mklocaluser/pam-python.py.old 2011-07-26 16:18:23.000000000 +0200
+++ /usr/lib/libpam-mklocaluser/pam-python.py 2013-05-04 12:58:29.595862692 +0200
@@ -16,13 +16,16 @@
import syslog
def runcmd(pamh, cmd):
- proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,)
+ proc = subprocess.Popen(cmd, shell=True, \
+ stdout=subprocess.PIPE, \
+ stderr=subprocess.PIPE,)
while proc.poll() == None:
pass
- result = proc.communicate(input=None)[0]
- if result != 0:
- syslog.syslog("Command %(command)s failed with %(msg)s" % ( cmd, proc.stderr.read()) )
-# print "output: %s" % output
+ (resultstdout, resultstderr) = proc.communicate(input=None)
+ if proc.returncode != 0:
+ msg = "Command '%s' failed with %s" % ( cmd, resultstderr.strip())
+ syslog.syslog(msg)
+# print "output: %s" % msg
def check_and_create_localuser(pamh, user):
# Location of local users
The patch is already in upstream SVN will be included in the next
upstream release soon to be uploaded to unstable.
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
- To: 706753-close@bugs.debian.org
- Subject: Bug#706753: fixed in libpam-mklocaluser 0.8~deb7u1
- From: Petter Reinholdtsen <pere@debian.org>
- Date: Thu, 23 May 2013 22:47:04 +0000
- Message-id: <E1UfeHo-0003PC-FK@franck.debian.org>
Source: libpam-mklocaluser
Source-Version: 0.8~deb7u1
We believe that the bug you reported is fixed in the latest version of
libpam-mklocaluser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 706753@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated libpam-mklocaluser package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 04 May 2013 08:25:53 +0200
Source: libpam-mklocaluser
Binary: libpam-mklocaluser
Architecture: source all
Version: 0.8~deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description:
libpam-mklocaluser - Configure PAM to create a local user if it do not exist already
Closes: 706753
Changes:
libpam-mklocaluser (0.8~deb7u1) wheezy; urgency=low
.
* Rewrite runcmd() to work with Python on Wheezy (Closes: #706753).
Checksums-Sha1:
68f8893d7c7cc33bc05c548c36fd4a0ede5b2181 1085 libpam-mklocaluser_0.8~deb7u1.dsc
cc09e6f4207260e88883d2a8d7d11337897307d0 5269 libpam-mklocaluser_0.8~deb7u1.tar.gz
86dd4966921a01774027f62a66ef6effe37097c3 5700 libpam-mklocaluser_0.8~deb7u1_all.deb
Checksums-Sha256:
51de9bb97812ba4d29abaecee2bb24c2e38a51f24f7aba733f2b631ae2fc8c83 1085 libpam-mklocaluser_0.8~deb7u1.dsc
a921c925007ee562f9d1488fe5863d6661905fc7748107ff11c40da9d25e3604 5269 libpam-mklocaluser_0.8~deb7u1.tar.gz
22ff8e44a62ee5bfa8ae04f7dd0701895374aa99525740bdc75f3b2d48631186 5700 libpam-mklocaluser_0.8~deb7u1_all.deb
Files:
a1e71c154f5d6f014407ec3407299e0a 1085 misc optional libpam-mklocaluser_0.8~deb7u1.dsc
9ad3d71935f3f61f0e0c303562a20f47 5269 misc optional libpam-mklocaluser_0.8~deb7u1.tar.gz
ea69c75fb0be07b3ee12e98b6ae6622e 5700 misc optional libpam-mklocaluser_0.8~deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFRnYwM20zMSyow1ykRAhOiAJ0XgHudUhO8kctFBcryHSWfJJ3e5gCg0vpj
8QIDxC5rjXvzhX0/2Rrsdn0=
=/pZR
-----END PGP SIGNATURE-----
--- End Message ---