Bug 17273 - default PAM configuration breaks gnome keyring automatic unlocking
Summary: default PAM configuration breaks gnome keyring automatic unlocking
Status: RESOLVED DUPLICATE of bug 16825
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-02 17:34 CET by Guillaume Rousse
Modified: 2015-12-28 20:20 CET (History)
0 users

See Also:
Source RPM: gdm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Guillaume Rousse 2015-12-02 17:34:19 CET 
The current default PAM configuration for gdm is:
...
auth       include     system-auth
auth       optional    pam_gnome_keyring.so

And system-auth is:
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8

As a consequence, processing of a successful authentication stops immediatly after pam_tcb step, and pam_gnome_keyring never receive a copy of the user password.

Just turning the 'include' statement into a 'substack' statement, so as to force processing of the remaining elements upon return of the system-auth part, is enough to fix the issue. 



Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-12-03 15:08:02 CET 
Assigning to Thierry who has recent commits to the PAM part of this package.

Assignee: bugsquad => thierry.vignaud

Comment 2 Guillaume Rousse 2015-12-28 20:20:11 CET 
Duplicate.

*** This bug has been marked as a duplicate of bug 16825 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Note You need to log in before you can comment on or make changes to this bug.