After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 320738 - GDM logs timed login user in when blank password is typed
GDM logs timed login user in when blank password is typed
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
2.6.0.x
Other other
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2005-11-05 03:34 UTC by cavvieira
Modified: 2005-12-25 02:31 UTC
See Also:
GNOME target: ---
GNOME version: 2.7/2.8


Description cavvieira 2005-11-05 03:34:09 UTC 
X-Mailer: bug-buddy 2.8.0

Distribution: Debian 3.1
Package: gdm
Severity: normal
Version: GNOME2.8.3 2.6.0.x
Gnome-Distributor: Debian
Synopsis: GDM logs timed login user in when blank password is typed
Bugzilla-Product: gdm
Bugzilla-Component: general
Bugzilla-Version: 2.6.0.x
Description:
Description of Problem:
I type a bogus username and a blank password and GDM logins the default
user.

Steps to reproduce the problem:
1. Assuming GDM is already set up for timed login, turn PC on (or logout
from current session).
2. Type a username not present in /etc/passwd and then ENTER.
3. Type ENTER again (i.e. blank password).

Actual Results:
GDM logins the timed login user.

Expected Results:
GDM should reject authentication, reset auto-login timer and ask
authentication info again.

How often does this happen?
Always reproductible.

Additional information:
Running Debian stable (r0a), no backports, unstable mixing or anything else.
Only security updates, gdm is updated (2.6.0.8-1).

$ gdm --version
GDM 2.6.0.8




------- Bug moved to this database by unknown@gnome.bugs 2005-11-05 03:34 UTC -------


The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, unknown@gnome.bugs.
   Previous reporter was cavvieira@gmail.com.
Comment 1 Brian Cameron 2005-12-25 01:38:31 UTC 
I suspect this sort of problem would happen when the user's PAM isn't set up properly.  I don't see this problem.
Comment 2 Brian Cameron 2005-12-25 01:42:11 UTC 
Oh sorry, I do see this problem.  I wasn't testing it with the right configuration just before.  I'll look into this, this is weird.
Comment 3 Brian Cameron 2005-12-25 02:31:30 UTC 
Ok, this is now fixed in CVS head.  GDM is supposed to just go ahead and login as
the timed user if ENTER is hit when the Username is requested without actually
entering a username.  But it shouldn't do this at the password screen.  Only
gdmgreeter was broken, by the way.  gdmlogin was working properly.

Now this is fixed.  Also the above behavior (that GDM just goes ahead and logs
in the timed user if ENTER is hit from Username without actually entering a user
was not in the gdm.xml docs, so I added some info about this under the description of TimedLoginEnable.