[Bug 1283957] Re: Lightdm changes case of username unless only certain users allowed

Steve Langasek steve.langasek at canonical.com
Tue Apr 5 03:13:22 UTC 2016 

I'm sorry this bug has taken so long to find its way to the pam package.
Unfortunately, this is not a bug per se in either component.  The
problem is a semantic difference between the two different pam modules:
you are using pam_ldap, which does case-insensitive name lookups
(because that's how LDAP works), together with pam_listfile which, like
all the modules include in pam, work on case-sensitive usernames
(because this is the standard Unix semantics).

We could reassign this bug to libpam-ldap, but this seems unlikely to
result in a change in the behavior of that module since it's been that
way for over a decade and no one's figured out a good way to fix it yet.

** Changed in: pam (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1283957

Title:
  Lightdm changes case of username unless only certain users allowed

Status in pam package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu 12.04

  On a desktop where are our users are allowed to log in:
  Feb 24 08:04:24 southafrica lightdm: pam_ldap(lightdm:auth): username changed from Gerhard to gerhard
  and the user can successfully log in even though the username was typed with an upper case.

  On a desktop where we have a restricted list of users, the list is FIRST checked, before the case is changed, so the user cannot log in (admittedly when typing the username "incorrectly"), even though they are in the list of allowed users.
  Feb 24 08:04:18 southafrica lightdm: pam_listfile(lightdm:auth): Refused user Gerhard for service lightdm
  Feb 24 08:04:24 southafrica lightdm: pam_unix(lightdm:auth): check pass; user unknown
  Feb 24 08:04:24 southafrica lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= 
  Feb 24 08:04:24 southafrica lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
  Feb 24 08:04:24 southafrica lightdm: pam_winbind(lightdm:auth): pam_get_item returned a password
  Feb 24 08:04:24 southafrica lightdm: pam_ldap(lightdm:auth): username changed from Gerhard to gerhard

  0 root at southafrica:/etc/pam.d#grep allow lightdm
  auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/login.user.allowed
  0 root at southafrica:/etc/pam.d#grep -i gerhard /etc/login.user.allowed 
  gerhard

  
  A local override is to add gerhard AND Gerhard to /etc/login.user.allowed, but perhaps the upstream intention is to fix this typo for users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1283957/+subscriptions

More information about the foundations-bugs mailing list