Bug 5379

Summary: can't login as root with kdm
Product: Mageia Reporter: Tony Blackwell <tablackwell>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: minor    
Priority: Normal CC: balcaen.john, ftg, lmenut
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: mageia-kde4-config CVE:
Status comment:

Description Tony Blackwell 2012-04-12 22:20:20 CEST 
Description of problem:all recent versions of Mageia up to M2beta1 after online updates allowed graphical root login to be configured by a knowledgeable user.    This was by editing /usr/share/config/kdm/kdmrc and changing AllowRoot to true.  This allowed the user to also choose gnome as the login shell.  This is no longer working in beta2

There has been impassioned discussion both for and against this on mageia-discuss.  As there is a significant group of users who use this feature, as shown on the mageia-discuss comments, I request that it be re-enabled.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Manuel Hiebel 2012-04-14 00:42:38 CEST 
I have not followed your discussion, but for me this is an improvement than something else. Only thinking about security ...

CC: sysadmin-bugs => balcaen.john, lmenut
Component: Release (media or process) => RPM Packages
Summary: no graphical root login => can't login as root with kdm
Source RPM: (none) => mageia-kde4-config
Severity: major => minor

Comment 2 Frank Griffin 2012-04-14 01:47:31 CEST 
Just to bumper-sticker this:

1) KDM via kdmrc, has an AllowRootLogin keyword that can be set to true or false.
2) The OP on the ML thread wa used to having to edit kdmrc to change the upstream default of false.
3) Somebody, post-mga1, decided to change /etc/pam.d/kdm for mageia to disallow graphical root login unilaterally, regardless of the kdmrc setting
4) Most of the people disagreeing with this had no problem with disallowing it by default via the kdmrc keyword, but took exception to someone deciding to unilaterally disallow it external to the upstream mechanism (kdmrc)

The bottom line is that we don't need packges external to KDM interfering with functionality that the KDM package makes possible.  Disabling it by default using the KDM-supplied configuration is fine, but deliberately breaking that functionality is not.  Regardless of how ill-advised the practice may be, if KDM allows it to be optional, it's not our place to remove that option.

CC: (none) => ftg

Comment 3 John Balcaen 2012-04-14 01:52:32 CEST 
What is this change in /etc/pam.d/kdm wich prevent the root login ?
Comment 4 John Balcaen 2012-04-14 02:53:17 CEST 
Ok found it ;o)
It was due to the sync with the gdm pam files in fact.
Comment 5 John Balcaen 2012-04-15 01:32:52 CEST 
fixed in svn, kdm will handle now root login directly.
(the fix  should come with the next mageia-kde4-config)

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 6 Frank Griffin 2012-04-15 04:16:03 CEST 
Thanks.  There used to be an option in gdmsetup similar to the one in KDE, and if there still were, I'd enter a bug about getting rid of the gdm pam line as well, but in true GNOME fashion they seem to have thrown the baby so far out with the bathwater that after an hour of poking around, I still can't find the gdm conf file that contains a keyword anything like it.  Apparently GNOME got rid of the option to disallow root login, and now resorts to the pam approach if you want it turned off at all.  So I guess it's understandable that the line is in the gdm pam.
Comment 7 Tony Blackwell 2012-04-15 08:52:53 CEST 
The situation for at least several years was that making the AllowRoot change in kdmrc was also all that was needed to allow gnome login as well.  Worked for gdm also, in Mageia-1 and years of Mandriva.
Comment 8 Frank Griffin 2012-04-15 15:55:49 CEST 
Yep, but every google match I can find for gdm configuration refers to gdmsetup, which was dropped in 2.8 and not replaced.  There are various files called gdm.conf and the like, but none of them contain any general behavioral config keywords, at least as far as I can see.

There are references to "use-theforce-luke"-type magic switches for gdm that affect some aspect or other, but no general reference or indication of what files this stuff is kept in now.