Bug#496455: kdesktop: user cannot unlock screen with correct password
Package: kdesktop
Version: 4:3.5.9.dfsg.1-5
Severity: critical
Justification: breaks unrelated software
After a recent upgrade (since 23 Aug 2008), our users, who can login
fine, cannot unlock the terminal after kdesktop_lock has locked it.
This appears to (possibly) be a PAM-related issue - here is what is
reported in auth.log when a user tries to unlock the terminal:
Aug 24 13:22:23 aspen unix_chkpwd[3472]: check pass; user unknown
Aug 24 13:22:23 aspen unix_chkpwd[3472]: password check failed for user (iamsteve)
Aug 24 13:22:23 aspen kcheckpass[3471]: pam_unix(kscreensaver:auth): authentication failure; logname=iamsteve uid=1000 euid=1000 tty=:0 ruser= rhost= user=iamsteve
Aug 24 13:22:23 aspen kcheckpass[3471]: Authentication failure for iamsteve (invoked by uid 1000)
(the username 'iamsteve' and the user ID '1000' have been altered.)
I am thus cross-filing this bug with kdesktop (for kdesktop_lock),
kdebase-bin (for kcheckpass) and libpam-modules (for unix_chkpwd).
Please excuse the multiple postings, and please feel free to re-assign
this bug as appropriate.
As the user was able to log in prior to locking the screen, it doesn't
appear to be a problem related to the user per-se (i.e. the user exists
and is able to authenticate under some circumstances).
Note that I am not the only person with this problem:
http://linux.derkeiler.com/Mailing-Lists/Debian/2008-08/msg01086.html
reports the same behavior in an unstable system (ours are testing)
as of 14 Aug 2008.
As with the above report, rebooting does not solve the problem.
Please be aware that we are *not* using LDAP or NIS/NIS+, and that I am
in no way affiliated with 'eric2 <dot> valette <at> orange-ftgroup <dot>
com' - this is not a simple re-reporting of bugs #478274 and/or #487932.
In addition to the information below, we are using:
ii libpam-doc 1.0.1-3 Documentation of PAM
ii libpam-modules 1.0.1-3 Pluggable Authentication Modules for PAM
ii libpam-runtime 1.0.1-3 Runtime support for the PAM library
ii libpam0g 1.0.1-3 Pluggable Authentication Modules library
Thank you for your attention to this matter.
--
Steve Lane
System, Network and Security Administrator
Doudna Lab
Biomolecular Structure and Mechanism Group
UC Berkeley
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (900, 'stable'), (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages kdesktop depends on:
ii kdebase-bin 4:3.5.9.dfsg.1-5 core binaries for the KDE base mod
ii kdeeject 4:3.5.9.dfsg.1-5 script used by KDE to eject remova
ii kdelibs4c2a 4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libgcc1 1:4.3.1-2 GCC support library
ii libgl1-mesa-glx [libgl1 7.0.3-5 A free implementation of the OpenG
ii libglu1-mesa [libglu1] 7.0.3-5 The OpenGL utility library (GLU)
ii libkonq4 4:3.5.9.dfsg.1-5 core libraries for Konqueror
ii libqt3-mt 3:3.3.8b-5 Qt GUI Library (Threaded runtime v
ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxau6 1:1.0.3-3 X11 authorisation library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxss1 1:1.1.3-1 X11 Screen Saver extension library
ii libxxf86misc1 1:1.0.1-3 X11 XFree86 miscellaneous extensio
kdesktop recommends no packages.
kdesktop suggests no packages.
-- no debconf information
Reply to: