Bug 37015 - /etc/pam.d/kdm allows normal user login
/etc/pam.d/kdm allows normal user login
Status: NEW
Product: UCS Test
Classification: Unclassified
Component: General
unspecified
All Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
: interim-4
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-26 07:07 CET by Stefan Gohmann
Modified: 2018-04-14 13:47 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2014-11-26 07:07:55 CET
Please check if a test case is possible.

+++ This bug was initially created as a clone of Bug #36743 +++

PT 4.0-0
UCS-4 uses KDM, while UCS-3 used GDM. A PAM file is only provided for GDM by UCR, so a "normal" user can still login:

# egrep -v '^#|^$' /etc/pam.d/[gk]dm

/etc/pam.d/gdm:@include common-auth
/etc/pam.d/gdm:account required pam_access.so accessfile=/etc/security/access-gdm.conf listsep=, maxent=0x400001
/etc/pam.d/gdm:@include common-account
/etc/pam.d/gdm:@include common-session
/etc/pam.d/gdm:@include common-password

/etc/pam.d/kdm:auth       required     pam_nologin.so
/etc/pam.d/kdm:auth       required     pam_env.so readenv=1
/etc/pam.d/kdm:auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
/etc/pam.d/kdm:@include common-auth
/etc/pam.d/kdm:session    required     pam_limits.so
/etc/pam.d/kdm:@include common-account
/etc/pam.d/kdm:@include common-password
/etc/pam.d/kdm:@include common-session

# dpkg -S /etc/univention/templates/files/etc/pam.d/?dm
univention-pam: /etc/univention/templates/files/etc/pam.d/gdm

# dpkg-query -W univention-pam
univention-pam  8.0.2-1.257.201411061731