Hello, folks, the problem is now solved.
The problem was caused by a script located at /usr/share/libpam-
script/pam_script_auth, triggered by libpam-script (manpages: pam.d and
pam-script). This script allows some extra verifications using user's
password. It must be used very carefully, not only because the password
is available, but also because if the last command send a successful
execution signal, the authentication will succeed, even if the user gave
an wrong password and the ldap server returned an authentication
failure.
I apologize for opening this bug ticket.
** Changed in: unity
Status: Incomplete => Invalid
** Changed in: unity (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1447821
Title:
Lockscreen does not ask for ldap password
Status in Unity:
Invalid
Status in unity package in Ubuntu:
Invalid
Bug description:
I manage desktops where the users log into an today updated ubuntu
14.04.1 amd64 desktop using ldap users.
When the desktop goes to lockscreen, in order to unlock I may [see
IMG_20150423_182816.jpg attached]:
1. Use my right ldap password: Unlock successfully;
2. Use a wrong ldap password: It doesn't unlock, showing an error message;
3. Don't use any password, just press "Enter": Unlock successfully!
This is a serious security failure. One unauthorized person walking
around could access a machine and use it.
There's no references in logs like syslog, auth.log, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1447821/+subscriptions
--
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help : https://help.launchpad.net/ListHelp
