Univention Bugzilla – Bug 36743
/etc/pam.d/kdm allows normal user login
Last modified: 2014-11-26 06:54:52 CET
PT 4.0-0 UCS-4 uses KDM, while UCS-3 used GDM. A PAM file is only provided for GDM by UCR, so a "normal" user can still login: # egrep -v '^#|^$' /etc/pam.d/[gk]dm /etc/pam.d/gdm:@include common-auth /etc/pam.d/gdm:account required pam_access.so accessfile=/etc/security/access-gdm.conf listsep=, maxent=0x400001 /etc/pam.d/gdm:@include common-account /etc/pam.d/gdm:@include common-session /etc/pam.d/gdm:@include common-password /etc/pam.d/kdm:auth required pam_nologin.so /etc/pam.d/kdm:auth required pam_env.so readenv=1 /etc/pam.d/kdm:auth required pam_env.so readenv=1 envfile=/etc/default/locale /etc/pam.d/kdm:@include common-auth /etc/pam.d/kdm:session required pam_limits.so /etc/pam.d/kdm:@include common-account /etc/pam.d/kdm:@include common-password /etc/pam.d/kdm:@include common-session # dpkg -S /etc/univention/templates/files/etc/pam.d/?dm univention-pam: /etc/univention/templates/files/etc/pam.d/gdm # dpkg-query -W univention-pam univention-pam 8.0.2-1.257.201411061731
Created attachment 6388 [details] Bug #36743: Provide PAM configuration for KDM untested
Please apply the kdm part of your patch but don't change the gdm related files.
r55911 | Bug #36743: Provide PAM configuration for KDM added PAM configuration for KDM. Package: univention-pam Version: 8.0.3-1.258.201411180912 Branch: ucs_4.0-0 ChangeLog: r55911 | Bug #36743: Provide PAM configuration for KDM <application>kdm</application> is not used as the display manager for graphical login. The PAM configuration was updated to reflect this change (<ulink url="&ucsbug;35266">Bug 35266</ulink>, <ulink url="&ucsbug;36743">Bug 36743</ulink>)
Changelog: OK Code: OK Tests: OK: - Access is denied, after setting 'ucr set auth/kdm/user/stefan=yes', the login is allowed The login as root is currently not allowed: Bug #36852
UCS 4.0-0 has been released: http://docs.univention.de/release-notes-4.0-0-en.html http://docs.univention.de/release-notes-4.0-0-de.html If this error occurs again, please use "Clone This Bug".