After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 119853 - a root password cannot be inputted
a root password cannot be inputted
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
2.4.2.x
Other Linux
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2003-08-14 06:35 UTC by Noriyuki Suzuki
Modified: 2004-05-06 22:34 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Bypass authentication request when configuration has been asked (2.17 KB, patch)
2004-03-11 16:41 UTC, Frederic Crozat
none Details | Review

Description Noriyuki Suzuki 2003-08-14 06:35:57 UTC
You should require the root password when open a configuration dialog from
the login screen.
However, It is not required until push an enter key in order to skip an
input of username.

I use gdm-2.4.2.100 with linux/pam.
Comment 1 George Lebl 2003-08-20 17:34:52 UTC
I cannot reproduce it here.  Can you give more details such as your
pam setup, pam version and such?  Which greeter are you using and if
you use the debug option in the config file does anything relevant get
printed to syslog about this?
Comment 2 Noriyuki Suzuki 2003-08-22 02:33:14 UTC
I use follows.
 gdm-2.4.2.100
 pam-0.77

I use standard greeter and graphical greeters(circles and happy GNOME).
which is occurd similarly.

reproduce procedure is follow.

1. start gdm
# gdm -nodaemon
2. start greeter. It requests username.
3. select 'Actions'->'configure the login manager'
4. display is not changed.
It's not request root password to run the configuration.
5. press enter key or 'configure the login manager' select once again.
password dialog is displayed.

debug log

- start gdm. syslog is stoped here.
Aug 22 11:12:46 pc2 gdm[11825]: gdm_slave_wait_for_login: In loop
- select configuration. log is not added.
- press enter key or select once again.
Aug 22 11:13:20 pc2 gdm[11825]: gdm_slave_wait_for_login: end verify
for ''

It is stoped at pam_authenticate() (verify-pam.c:506).

pam configuration files.

gdm:

#%PAM-1.0
auth       required     pam_env.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

gdmsetup:

#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_stack.so service=system-auth
session    required     pam_permit.so
session    optional     pam_xauth.so
account    required     pam_permit.so

system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        required      pam_deny.so

account     required      pam_unix.so

password    required      pam_cracklib.so retry=3 type=
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
Comment 3 Frederic Crozat 2003-10-06 14:38:46 UTC
I'm seeing a similar on mdk 9.2 system (gdm 2.4.4.0) (bug
http://qa.mandrakesoft.com/show_bug.cgi?id=5075 )

When you select "Configure" for the first time, you hear a beep (the
same one you get when gdm is ready to accept login) and you need to
select "Configure" again. Nothing appear in syslog (with debug enable)
with the first "Configure" selection.
Comment 4 John Keller 2003-10-20 09:12:59 UTC
In to reply to comment 1 (George Lebl):

The problem appears because the configuration process doesn't not 
pass directly to the root password.

When the user selects "configure login manager", GDM expects the 
root password. However, the field for the user id is still 
displayed. You can either simply press Enter to show the password 
field or choose "configure login manager" again from the F10 menu or 
Actions dialog.

Since selecting the menu/dialog item a second time shows the root 
password field, it would appear that there is a small bug in the 
logic flow that expects a user id even for GDM-specific 
administration.

Adding to comment 2:

This bug can be reproduced for any theme or any locale.
Comment 5 George Lebl 2004-01-06 17:46:27 UTC
This is a weird bug.  I could never reproduce it here and I still
can't.   I'm completely baffeled why it happens.  It almost seems like
the interrupt message never gets delivered until an enter is pressed,
but the login manager DOES send '\n' so that shouldn't be a problem. 
I have absolutely no clue.
Comment 6 Frederic Crozat 2004-01-08 08:28:14 UTC
George, would some specific log helps ? I can still reproduce the
problem in Mdk cooker with gdm 2.4.4.7
Comment 7 Frederic Crozat 2004-03-10 11:06:04 UTC
I'm investigating this and it seems gdm daemon is blocked in
pam_authenticate and doesn't return on first selection of "Configure gdm".

Still don't know why... I'm continuing investigation
Comment 8 Frederic Crozat 2004-03-10 17:35:42 UTC
Ok, I've found what it causing the problem : in gdm pam file, you can
find : 

auth       required     pam_nologin.so 

When gdm conversation function returns PAM_CONV_ERR when "run
configurator" is choosen, pam insists on running ALSO pam_nologin
module which execute pam_get_user which queries again gdm conversation
function because the previous wasn't succesful and therefore not cached.

It seems we need to somehow remember we are still in the same
pam_authentication call in gdm and still return PAM_CONV_ERR and make
sure gdm will still run the configurator (interrupted is not longer
true since its value was already checked..)
Comment 9 Frederic Crozat 2004-03-11 16:41:26 UTC
Created attachment 25525 [details] [review]
Bypass authentication request when configuration has been asked
Comment 10 Frederic Crozat 2004-03-11 16:45:54 UTC
Uploaded patch fixes the problem : it will directly return
PAM_CONV_ERR without prompting for user info if configuration has been
asked. This is the only no-too-ugly-but-still-ugly hack I've been able
to write to workaround the pam_nologin module issue.
Comment 11 George Lebl 2004-05-06 22:33:54 UTC
Fixing in CVS.  Will make 2.6.0.2 shortly