Bug#775002: vlock: Fails to Auth after Bad Password attempt using pam_ldap
Package: vlock
Version: 2.2.2-3
Severity: normal
Dear Maintainer,
The following issue exists for users who exist in a LDAP directory, but do not exist in the local system files.
The user locks their session by executing 'vlock', to unlock their session they hit enter and are presented with a password prompt. If they type in their pa
ssword correctly, the session is unlocked. This is all as it should be.
If the user locks their session by executing 'vlock', they hit enter and they type an incorrect password, they are then prompted for root's password. Enteri
ng the locally configured root password does not unlock the screen.
user's Password: <incorrect user password>
vlock: Authentication failure
root's Password: <correct local root password>
vlock: Authentication failure
At this point, the VLOCK_MESSAGE is displayed again and we start over:
user's Password: <correct or incorrect user password>
Warning: using insecure memory!
vlock: Authentication failure
root's Password: <correct or incorrect root password>
Warning: using insecure memory!
vlock: Authentication failure
A snipet of the auth.log from the above with incorrect passwords is:
Jan 9 14:59:13 ldap-client1 unix_chkpwd[15845]: check pass; user unknown
Jan 9 14:59:13 ldap-client1 unix_chkpwd[15845]: password check failed for user (user)
Jan 9 14:59:13 ldap-client1 vlock-main: pam_unix(vlock:auth): authentication failure; logname= uid=5100 euid=5100 tty=/dev/pts/5 ruser= rhost= user=user
Jan 9 15:00:58 ldap-client1 unix_chkpwd[15861]: check pass; user unknown
Jan 9 15:00:58 ldap-client1 unix_chkpwd[15861]: password check failed for user (root)
Jan 9 15:00:58 ldap-client1 vlock-main: pam_unix(vlock:auth): authentication failure; logname= uid=5100 euid=5100 tty=/dev/pts/5 ruser= rhost= user=root
When turning on pam_ldap logging, the ldap debugging shows no differences before vlock reports authentication failure.
I compiled the 2.2.2-5 version from unstable and received the same results. I also compiled the 2.2.3 version from upstream with the same results (so yes, I feel this is an upstream issue).
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlock depends on:
ii adduser 3.113+nmu3
ii libc6 2.13-38+deb7u6
ii libpam-modules 1.1.3-7.1
ii libpam0g 1.1.3-7.1
vlock recommends no packages.
vlock suggests no packages.
-- no debconf information
Reply to: