[Bug 1195039] Re: Whitespaces in login name cause authentication problems
Robert Ancell
robert.ancell at canonical.com
Thu Sep 11 04:44:19 UTC 2014
This one turns out to be more complex than it looks. Unfortunately due
to the way PAM works neither LightDM or the greeter know for sure the
context of the prompts that PAM sends. So they don't know they're being
asked for a username or something else in which whitespace might be
significant. It seems unlikely but since we can never know what PAM
modules exist we can't just strip whitespace from PAM responses.
Trying to log in from a text terminal confirms that a simple login will
fail with whitespace. Code checking pam_unix, pam_ldap and pam_krb5
doesn't appear to show them making any attempt to strip whitespace. I'm
assuming then the whitespace stripping is being done server side on your
LDAP server?
>From a user experience it seems correct that whitespace should be
ignored and the only thing that can do this reliably is the PAM modules
which know the context of the username response from LightDM/Unity
Greeter. So I'll reassign this bug to libpam-ldap as that seems to be
the module that the problem might be in.
** Also affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: libpam-ldap (Ubuntu)
Importance: Undecided
Status: New
** Changed in: libpam-ldap (Ubuntu)
Status: New => Triaged
** Changed in: libpam-ldap (Ubuntu)
Importance: Undecided => Medium
** Changed in: lightdm (Ubuntu)
Status: New => Invalid
** Changed in: lightdm (Ubuntu)
Importance: Undecided => Medium
** Changed in: lightdm
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libpam-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/1195039
Title:
Whitespaces in login name cause authentication problems
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1195039/+subscriptions
More information about the Ubuntu-server-bugs
mailing list