GNOME Bugzilla – Bug 119853
a root password cannot be inputted
Last modified: 2004-05-06 22:34:08 UTC
You should require the root password when opening a configuration dialog from the login screen. However, it is not required until I push the Enter key in order to skip the input of the username. I use gdm-2.4.2.100 with linux/pam.
I cannot reproduce it here. Can you give more details such as your pam setup, pam version and such? Which greeter are you using and if you use the debug option in the config file does anything relevant get printed to syslog about this?
I use the following:
gdm-2.4.2.100
pam-0.77

I use the standard greeter and the graphical greeters (circles and happy GNOME), and it occurs similarly with each.

The reproduction procedure is as follows.
1. start gdm
   # gdm -nodaemon
2. start greeter. It requests username.
3. select 'Actions'->'configure the login manager'
4. display is not changed. It does not request the root password to run the configuration.
5. press enter key or select 'configure the login manager' once again. password dialog is displayed.

debug log
- start gdm. syslog is stopped here.
  Aug 22 11:12:46 pc2 gdm[11825]: gdm_slave_wait_for_login: In loop
- select configuration. log is not added.
- press enter key or select once again.
  Aug 22 11:13:20 pc2 gdm[11825]: gdm_slave_wait_for_login: end verify for ''

It is stopped at pam_authenticate() (verify-pam.c:506).

pam configuration files.

gdm:
#%PAM-1.0
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

gdmsetup:
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
session required pam_permit.so
session optional pam_xauth.so
account required pam_permit.so

system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so retry=3 type=
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
I'm seeing something similar on a mdk 9.2 system (gdm 2.4.4.0) (bug http://qa.mandrakesoft.com/show_bug.cgi?id=5075 ). When you select "Configure" for the first time, you hear a beep (the same one you get when gdm is ready to accept login) and you need to select "Configure" again. Nothing appears in syslog (with debug enabled) with the first "Configure" selection.
In reply to comment 1 (George Lebl): The problem appears because the configuration process does not pass directly to the root password. When the user selects "configure login manager", GDM expects the root password. However, the field for the user id is still displayed. You can either simply press Enter to show the password field or choose "configure login manager" again from the F10 menu or Actions dialog. Since selecting the menu/dialog item a second time shows the root password field, it would appear that there is a small bug in the logic flow that expects a user id even for GDM-specific administration.

Adding to comment 2: This bug can be reproduced for any theme or any locale.
This is a weird bug. I could never reproduce it here and I still can't. I'm completely baffled why it happens. It almost seems like the interrupt message never gets delivered until an enter is pressed, but the login manager DOES send '\n' so that shouldn't be a problem. I have absolutely no clue.
George, would some specific log help? I can still reproduce the problem in Mdk cooker with gdm 2.4.4.7
I'm investigating this and it seems the gdm daemon is blocked in pam_authenticate and doesn't return on the first selection of "Configure gdm". Still don't know why... I'm continuing the investigation.
Ok, I've found what is causing the problem: in the gdm pam file, you can find:

auth required pam_nologin.so

When the gdm conversation function returns PAM_CONV_ERR when "run configurator" is chosen, pam insists on running ALSO the pam_nologin module, which executes pam_get_user, which queries the gdm conversation function again because the previous call wasn't successful and therefore not cached. It seems we need to somehow remember we are still in the same pam_authentication call in gdm and still return PAM_CONV_ERR and make sure gdm will still run the configurator (interrupted is no longer true since its value was already checked..)
Created attachment 25525: Bypass authentication request when configuration has been asked
The uploaded patch fixes the problem: it will directly return PAM_CONV_ERR without prompting for user info if configuration has been asked. This is the only not-too-ugly-but-still-ugly hack I've been able to write to work around the pam_nologin module issue.
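The behaviour analysed in the two comments above, as an added toy model that is not code from this thread, from gdm or from the attached patch. It does not use libpam: the SIM_* constants, the session struct and all function names are hypothetical stand-ins, and the stack is reduced to two required auth modules that each ask for the user name.

```c
#include <stdbool.h>
#include <stdio.h>

enum { SIM_SUCCESS, SIM_CONV_ERR };   /* stand-ins, not libpam's constants */

struct session {
    bool config_asked;   /* user chose "configure" during this authenticate call */
    bool sticky_fix;     /* model the workaround described in the thread */
    bool have_user;      /* a user name was cached by an earlier success */
    int  stale_prompts;  /* username prompts shown after "configure" was chosen */
};

/* Conversation callback: the first call is interrupted by "configure". */
static int conv_username(struct session *s) {
    if (!s->config_asked) {          /* user picks "configure" at the first prompt */
        s->config_asked = true;
        return SIM_CONV_ERR;
    }
    if (s->sticky_fix)               /* workaround: fail again without prompting */
        return SIM_CONV_ERR;
    s->stale_prompts++;              /* bug: greeter waits here until Enter */
    s->have_user = true;             /* Enter yields the empty user '' */
    return SIM_SUCCESS;
}

/* What each module does to learn the user name: cached value or ask. */
static int get_user(struct session *s) {
    return s->have_user ? SIM_SUCCESS : conv_username(s);
}

/* "required" semantics: record the failure, keep running the stack. */
static int authenticate(struct session *s, int n_required) {
    int result = SIM_SUCCESS;
    for (int i = 0; i < n_required; i++)
        if (get_user(s) != SIM_SUCCESS)
            result = SIM_CONV_ERR;
    return result;
}

/* Number of prompts that block the configurator after it was requested. */
int stale_prompts_for(bool sticky_fix) {
    struct session s = { .sticky_fix = sticky_fix };
    authenticate(&s, 2);             /* two required modules asking for the user */
    return s.stale_prompts;
}

int main(void) {
    printf("without workaround: %d stale prompt(s)\n", stale_prompts_for(false));
    printf("with workaround:    %d stale prompt(s)\n", stale_prompts_for(true));
    return 0;
}
```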
Fixing in CVS. Will make 2.6.0.2 shortly