56753 – pam_console stoped working when I set up pam_ldap with an LDAPS server

Bug 56753 - pam_console stoped working when I set up pam_ldap with an LDAPS server

Summary: pam_console stoped working when I set up pam_ldap with an LDAPS server

Status:	RESOLVED DUPLICATE of bug 31877

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	PAM Gentoo Team (OBSOLETE)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-07-11 21:55 UTC by Jeffrey Crawford
Modified:	2005-07-17 13:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeffrey Crawford 2004-07-11 21:55:42 UTC

I hope I can explane this right as it is somewhat complex. the line in gdm will not work when I am using pam_ldap to authenticate a user:

session    optional     /lib/security/pam_console.so

I can tell because the file /var/run/console.lock is not created. If I turn the LDAPS server off and login (Which uses pam_unix_auth as a fallback) then the file is created and it contains the name of the user that has logged in. If I turn the LDAPS server back on and re-login the file is not created so it is very much related to being authenticated by LDAPS. By the way I found this problem because my gtkam program stopped working as a result to this. It uses pam_console as a basis to set the permissions on the camera device so the current user can access it. I had to change /etc/hotplug/usb/usbcam to allow all users to access it whenever it is installed as a workaround.

Reproducible: Always
Steps to Reproduce:
1. install pam_ldap nss_ldap and setup LDAP authentication
2. login using gdm
3.

Actual Results:  
The devices /proc/bus/usb/001/* would not get new permissions due to hotplug not
setting them resulting from pam_console's failure when using LDAPS to
authenticate users

Expected Results:  
I would expect pam_console not to care as to what authenticated a user when they
log in and create the console locks, like when logging in a user using the local
user database.

System uname: 2.4.25_pre7-gss-r2 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=athlon -mcpu=athlon -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref
/usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=athlon -mcpu=athlon -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.ccccom.com ftp://gentoo.ccccom.com
ftp://mirrors.tds.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X X509 acl acpi alsa apache2 apm arts avi berkdb bonobo cdr crypt
cups doc dvd encode esd fbcon foomaticdb gdbm gif gnome gphoto2 gpm gtk gtk2
gtkhtml guile imap imlib java joystick jpeg ldap libg++ libwww mad mikmod motif
mozcalendar mozilla mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png
postgres pwdb python quicktime readline ruby sasl scanner sdl slang spell ssl
svga tcpd tiff truetype usb x86 xml2 xmms xv zlib"

Comment 1 Robin Johnson archtester

2004-12-08 03:40:47 UTC

We're moving away from pam_console.
We know about this problem here.

*** This bug has been marked as a duplicate of 31877 ***