[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#961254: marked as done (libpam-mklocaluser: stop enforcing logout on initial login)

Your message dated Fri, 22 May 2020 16:34:05 +0000
with message-id <E1jcAcX-000Guj-4Y@fasolo.debian.org>
and subject line Bug#961254: fixed in libpam-mklocaluser 0.18
has caused the Debian Bug report #961254,
regarding libpam-mklocaluser: stop enforcing logout on initial login
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
961254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961254
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libpam-mklocaluser
Version: 0.17
Severity: important
The libpam-mklocaluser package is a core component of Debian Edu roaming workstations. It creates a local POSIX user account for users that exist e.g. in an LDAP database. The libpam-mklocaluser makes it possible to prep a machine for a user in a way that makes it possible to take the machine off-site.
The libpam-mklocaluser package especially modifies the user's home directory when creating this local POSIX user account. Whatever HOME path people have in LDAP, on the roaming workstation, all users are shoved into /home/<user>.
Over years, however, there has been a design flaw in the tool which I could solve last night by reading the pam_python.so code.
The design flaw has been: The current version of libpam-mklocaluser enforces a session logout when users do their initial login into a machine. Thus, in class room situations, all students have to login twice into a notebook/tablet before they can actually use their computers. This takes a way 5 minutes of the class's lesson and could be avoided.
Attached is a patch that drops the enforcement of the re-login and manipulates the HOME env var after the local POSIX user account has been fully prepared by libpam-mklocaluser. 

I'd love to see this issue solved in Debian buster, too.

This implicitly fixes Debian bug #760496.

Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


diff --git a/debian/pam-python.py b/debian/pam-python.py
index fad6362..4780de1 100755
--- a/debian/pam-python.py
+++ b/debian/pam-python.py
@@ -147,14 +147,8 @@ def check_and_create_localuser(pamh, user):
       # FIXME Should be rewritten in python, I guess
       runcmd(pamh, "if [ -d /etc/mklocaluser.d ]; then ORIGHOMEDIR='%s' USER='%s' /bin/run-parts /etc/mklocaluser.d ; fi" % (homedir, user))
 
-      # Let the user know what is going on
-      msg = pamh.Message(pamh.PAM_TEXT_INFO,
-                         "Local user created in /home/, please log in again to start using it.")
-      pamh.conversation(msg)
-
-      # Throw out user, as the log process cached the home directory
-      # and need to be restarted.
-      return pamh.PAM_TRY_AGAIN
+      pamh.env['HOME'] = "/home/%s" % user
+
     except Exception as e:
       syslog.syslog("Failure while creating local user: %s " % (e))
       pass

Attachment: pgpsWn9wL4xBo.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message --- 
Source: libpam-mklocaluser
Source-Version: 0.18
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
libpam-mklocaluser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 961254@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libpam-mklocaluser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 May 2020 18:01:47 +0200
Source: libpam-mklocaluser
Architecture: source
Version: 0.18
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 760496 961254
Changes:
 libpam-mklocaluser (0.18) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Mike Gabriel ]
   * debian/control:
     + Line-wrap B-D and D fields.
     + Provide more info in LONG_DESCRIPTION.
     + Update Section: field. Using "admin" section seems more appropriate.
       Thanks lintian.
   * debian/pam-python.py:
     - Set HOME env variable to the new home directory, also on initial user
       login. This makes it possible to drop the concept of enforced re-login
       on initial user login. (Closes: #760496, #961254).
     - Whitespace clean-up.
 .
   [ Holger Levsen ]
   * Use secure URI in Homepage field, thanks lintian-brush.
   * Upgrade to newer source format 3.0 (native), thanks lintian-brush.
   * Update standards version to 4.5.0, no changes needed & thanks once more,
     lintian-brush.
   * Bump debhelper-compat to 13.
   * Drop versioned suggests on libpam-ccreds, as even squeeze has a newer
     version.
Checksums-Sha1:
 ece2cec55c0727adcfa458caaca279e40262628b 1761 libpam-mklocaluser_0.18.dsc
 7f9a3968de378a0cf707d0f3b79e85bf7e1fc154 6780 libpam-mklocaluser_0.18.tar.xz
 11fbb4d4f5e1a17a9141f17cd5758a22a9331040 6813 libpam-mklocaluser_0.18_source.buildinfo
Checksums-Sha256:
 6ed70625c2d73b2e7fe05a3cb9732cefa8134439db93dab3840fb68671167c29 1761 libpam-mklocaluser_0.18.dsc
 15ddb527d1fb7c8d2a95ee70d0e311d61768c57c5880dd6634222dbdce1e04f4 6780 libpam-mklocaluser_0.18.tar.xz
 a054dbb86776512e51cb4b9554fa102b897ee3e8a38ed91f373e616f46fc09d7 6813 libpam-mklocaluser_0.18_source.buildinfo
Files:
 89769856ce3012a3e06bc8a8f10f0d15 1761 admin optional libpam-mklocaluser_0.18.dsc
 89198c8af3b3a24cf8c813e12393c545 6780 admin optional libpam-mklocaluser_0.18.tar.xz
 48d331ca7793106260f8ccde9c9cb3ed 6813 admin optional libpam-mklocaluser_0.18_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl7H/BIVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx3tUQALWCeX/wawzTj71EOUxWkj7V80Lh
iE1h/vey29nZNuzr7uOpYzmv0FE260LrfFUeSuJ6igPQAOXtpwGMH70lMqLp+Njj
o/L/yex2e2vlp2ffL0IFE4S3ea8MHYuHJMU67IPWrIgzbNFkKlnyfDhGMgEsoIJt
W0BJFFRX7zmlJrUIqPJim2+RrtOYcEoFrccRVGFkm8YxKGcK6FyHMwN4f0sj1XRV
oGnyl5v8a1EhWcFen01J50K3c+GWaINlWe3XNlDtju1C8gNGjJHo/Xy9IWHLVzSB
4z9R+BgcoQqLaBr2xYQgt+4z7aKcJZk2ewyTVDsBAcgawm+0ug5EW+MFmejFUMkc
swSEpDrQR8BGzzdGYHtpOQvkhMvAbF1C703QE8zH9BmeF08+e0Pu66e5zYUKcvah
J2AlnA5gcb5nxSlUCSt3vF42My5S2yNvlEF5SxUNXRjYw4o8OAUffPdOBi6K3YV8
QTQrvNZ0GC7rmikIKAC6yYpFzY05rJ57y/W19+vbpgswqgN36Ol8dey+UHIJDXAo
NiZSXTzrk4K9pO1WjgQ6j9wJSYRbI5HjldtYD8fCFxeZ7/Jl5N6KrtMnC3+aLYyk
tcwIJI+tOwuoujObgd6GNtIbekl7CyxCwxw6F+ghzhOY43kAc2Z5HHl0m2TJuIhU
8Eog58EBtn+XU0F0
=b8Uk
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: