Bug#775002: vlock: Fails to Auth after Bad Password attempt using pam_ldap

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#775002: vlock: Fails to Auth after Bad Password attempt using pam_ldap
From: William R Thomas <corvar@theonering.net>
Date: Fri, 9 Jan 2015 15:15:58 -0600
Message-id: <[🔎] 20150109211558.24463.35112.reportbug@ptinms2.int.intinc.net>
Reply-to: William R Thomas <corvar@theonering.net>, 775002@bugs.debian.org

Package: vlock
Version: 2.2.2-3
Severity: normal

Dear Maintainer,
The following issue exists for users who exist in a LDAP directory, but do not exist in the local system files.

The user locks their session by executing 'vlock', to unlock their session they hit enter and are presented with a password prompt.  If they type in their pa
ssword correctly, the session is unlocked.   This is all as it should be.

If the user locks their session by executing 'vlock', they hit enter and they type an incorrect password, they are then prompted for root's password.  Enteri
ng the locally configured root password does not unlock the screen.

user's Password: <incorrect user password>
vlock: Authentication failure
root's Password: <correct local root password>
vlock: Authentication failure

At this point, the VLOCK_MESSAGE is displayed again and we start over:
user's Password: <correct or incorrect user password>
Warning: using insecure memory!
vlock: Authentication failure
root's Password: <correct or incorrect root password>
Warning: using insecure memory!
vlock: Authentication failure

A snipet of the auth.log from the above with incorrect passwords is:
Jan  9 14:59:13 ldap-client1 unix_chkpwd[15845]: check pass; user unknown
Jan  9 14:59:13 ldap-client1 unix_chkpwd[15845]: password check failed for user (user)
Jan  9 14:59:13 ldap-client1 vlock-main: pam_unix(vlock:auth): authentication failure; logname= uid=5100 euid=5100 tty=/dev/pts/5 ruser= rhost=  user=user
Jan  9 15:00:58 ldap-client1 unix_chkpwd[15861]: check pass; user unknown
Jan  9 15:00:58 ldap-client1 unix_chkpwd[15861]: password check failed for user (root)
Jan  9 15:00:58 ldap-client1 vlock-main: pam_unix(vlock:auth): authentication failure; logname= uid=5100 euid=5100 tty=/dev/pts/5 ruser= rhost=  user=root


When turning on pam_ldap logging, the ldap debugging shows no differences before vlock reports authentication failure.

I compiled the 2.2.2-5 version from unstable and received the same results.  I also compiled the 2.2.3 version from upstream with the same results (so yes, I feel this is an upstream issue).

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlock depends on:
ii  adduser         3.113+nmu3
ii  libc6           2.13-38+deb7u6
ii  libpam-modules  1.1.3-7.1
ii  libpam0g        1.1.3-7.1

vlock recommends no packages.

vlock suggests no packages.

-- no debconf information

Reply to:

Prev by Date: fte_0.50.2b6-2_amd64.changes ACCEPTED into unstable
Next by Date: Bug#579453: etckeeper: Provide support for hourly autocommits?
Previous by thread: fte_0.50.2b6-2_amd64.changes ACCEPTED into unstable
Next by thread: Bug#579453: etckeeper: Provide support for hourly autocommits?
Index(es):
- Date
- Thread