[Bug 1679727] Re: Don't attempt to create devices in lx-brand containers
Joyent lx-brand user here with Ubuntu 14.04 image. Any guidance on how to work around this please? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1679727 Title: Don't attempt to create devices in lx-brand containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1679727/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 892680] Re: PAM with LDAP breaks authentication to Policykit enabled Gnome applications using LDAP credentials
*** This bug is a duplicate of bug 781737 *** https://bugs.launchpad.net/bugs/781737 I have applied the patch detailed in https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/781737 and there is no change to the behaviour. I believe this bug has been incorrectly marked as a duplicate of 781737. In bug 781737 the OP notes the following: "When an application asks for special privileges through the policykit system, the list of domain administrators is correctly displayed..." I don't even see this - LDAP accounts are not displayed by policykit enable applications at all. This is 100 percent reproducible by the simple setup I have described here and is clearly not the same as 781737. Note that I am now using Ubuntu 12.04 x86 and OpenDJ 2.4.6. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/892680 Title: PAM with LDAP breaks authentication to Policykit enabled Gnome applications using LDAP credentials To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892680/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781737] Re: policykit cannot grant special priviledges from LDAP-identified administrators
Hi Loïc, Thanks very much for this, the patch now compiles cleanly. Unfortunately, it does not resolve my issue (there is no change at all) and I believe that https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892680 has incorrectly been marked as a duplicate of this one. The critical piece of information is in the original first post for this bug: "When an application asks for special privileges through the policykit system, the list of domain administrators is correctly displayed..." I don't even see this - LDAP accounts are not displayed by policykit at all. I'll ask for my bug to be reopened. Cheers, Dave -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/781737 Title: policykit cannot grant special priviledges from LDAP-identified administrators To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/781737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 892680] Re: PAM with LDAP breaks authentication to Policykit enabled Gnome applications using LDAP credentials
*** This bug is a duplicate of bug 781737 *** https://bugs.launchpad.net/bugs/781737 Same as Dan, comment #5 results in a prompt for root credentials. Seeing as this was marked as a duplicate of https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/781737 has anyone succesfully performed the steps detailed in that bug report for Ubuntu 12.04 x86? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/892680 Title: PAM with LDAP breaks authentication to Policykit enabled Gnome applications using LDAP credentials To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892680/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781737] Re: policykit cannot grant special priviledges from LDAP-identified administrators
I imagine the difference between versions of Ubuntu and therefore Policykit are causing this, as it will not build either. Can the patch please be updated for Ubuntu 12.04 x86? Without it I am still stuck with the behaviour I originally reported in bug https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892680 polkitagenthelper-pam.c: In function ‘conversation_function’: polkitagenthelper-pam.c:277:13: warning: statement with no effect [-Wunused-value] polkitagenthelper-pam.c:290:21: error: ‘saved_credentials’ undeclared (first use in this function) polkitagenthelper-pam.c:290:21: note: each undeclared identifier is reported only once for each function it appears in make[5]: *** [polkit_agent_helper_1-polkitagenthelper-pam.o] Error 1 make[5]: Leaving directory `/usr/local/src/policykit-1-0.104/src/polkitagent' make[4]: *** [all] Error 2 make[4]: Leaving directory `/usr/local/src/policykit-1-0.104/src/polkitagent' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/usr/local/src/policykit-1-0.104/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/local/src/policykit-1-0.104' make[1]: *** [all] Error 2 make[1]: Leaving directory `/usr/local/src/policykit-1-0.104' dh_auto_build: make -j1 returned exit code 2 make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 debuild: fatal error at line 1350: dpkg-buildpackage -rfakeroot -D -us -uc -b failed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/781737 Title: policykit cannot grant special priviledges from LDAP-identified administrators To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/781737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 781737] Re: policykit cannot grant special priviledges from LDAP-identified administrators
Hi, I'm trying to apply the patch list in comment #12 using the method in comment #6 and I'm getting this: dave@somemachine:/usr/local/src/policykit-1-0.104$ sudo patch -p1 < ./anti-rights-revocation.patch patching file src/polkitagent/polkitagenthelper-pam.c Hunk #4 succeeded at 173 (offset -2 lines). Hunk #5 succeeded at 227 (offset -4 lines). Hunk #6 FAILED at 245. Hunk #7 succeeded at 287 (offset -2 lines). Hunk #8 succeeded at 334 (offset -2 lines). 1 out of 8 hunks FAILED -- saving rejects to file src/polkitagent/polkitagenthelper-pam.c.rej Is this of any consequence? I'm on Ubuntu 12.04 x86. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/781737 Title: policykit cannot grant special priviledges from LDAP-identified administrators To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/781737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 987060] Re: massive memory leak in unity-panel-service and hud-service when invoking the hud on Firefox profiles with large amounts of bookmarks
Same behaviour here and as described at Bug 1005174. Ubuntu 12.04 x86, hundreds of bookmarks, using a private Firefox Sync server. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/987060 Title: massive memory leak in unity-panel-service and hud-service when invoking the hud on Firefox profiles with large amounts of bookmarks To manage notifications about this bug go to: https://bugs.launchpad.net/indicator-appmenu/+bug/987060/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 892680] [NEW] PAM with LDAP breaks authentication to Policykit enabled Gnome applications using LDAP credentials
Public bug reported:
Hi,
1) Test system
My client is a fresh installation of Ubuntu 10.04 LTS x86. It has been
fully patched.
libnss-ldap and dependencies have then been installed with Synaptic
package manager using the local administrator account created during
installation of Ubuntu.
/etc/ldap.conf has been modified to point to an OpenDJ v2.4.2 LDAP
server running on the local network,using ldaps://server:port
nomenclature. I am not using SSL.
A dedicated bind account has been created in the LDAP server and this
has been specified in /etc/ldap.conf with the bind password recorded at
/etc/ldap.secret
PAM configuration files at /etc/pam.d have been modified to contain the
following, in order common-account, common-auth, common-password and
common-session:
account sufficient pam_ldap.so
account required pam_unix.so
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
password sufficient pam_ldap.so nullok
password required pam_unix.so nullok obscure min=4 max=8 md5
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix.so
session optional pam_ldap.so
/etc/nsswitch.conf has been modified accordingly to contain the
following information:
passwd: files ldap
group: files ldap
shadow: files ldap
LDAP users can log in to the client successfully, and home directories
are created automatically. In LDAP, my test user accounts have been
assigned the gidNumber attribute value of 119 (admin).
2) What I expect to happen
As an LDAP user (note *not* as a local administrator), I expect to be
able to launch a Gnome application such as Ubuntu Software Center and
have Policykit validate my LDAP credentials correctly, such that I can
install or remove applications (or otherwise perform administrative
tasks).
3) What happened instead
Logging in to the system as an LDAP user, I can launch Ubuntu Software
Center. Upon (for example) attempting to install an application, I am
prompted for my credentials. I enter these (the same credentials used to
log into the system), but they are rejected with an "Authentication
Failure" error.
Also, Policykit seems to want to only accept the credentials of the
local administrator account created during installation of the OS, as
the authentication window prompts for "Password for itadmin" ('itadmin'
being my local administrator account).
4) Additional information
Using the same LDAP account and credentials, I can authenticate to and
use Synaptic Package Manager to install applications without issue.
Logged in as the LDAP user, the id command returns the following, where
"dave" is the LDAP username:
$ id
uid=1001(dave) gid=119(admin) groups=119(admin)
Policykit version details:
$ apt-cache policy policykit-1
policykit-1:
Installed: 0.96-2ubuntu0.1
Candidate: 0.96-2ubuntu0.1
Version table:
*** 0.96-2ubuntu0.1 0
500 http://nz.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
100 /var/lib/dpkg/status
0.96-2 0
500 http://nz.archive.ubuntu.com/ubuntu/ lucid/main Packages
** Affects: policykit-1 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/892680
Title:
PAM with LDAP breaks authentication to Policykit enabled Gnome
applications using LDAP credentials
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892680/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 892480] [NEW] PAM with LDAPS breaks authentication via Policykit to Gnome applications as local administrator
Public bug reported: Hi, 1) Test system My client is a fresh installation of Ubuntu 10.04 LTS x86. It has been fully patched. libnss-ldap and dependencies have then been installed with Synaptic package manager using the local administrator account created during installation of Ubuntu. /etc/ldap.conf has been modified to point to an OpenDJ v2.4.2 LDAP server running on the local network,using ldaps://server:port nomenclature. The self-signed certificate from the OpenDJ server has been exported as a PEM encoded file and saved on the test Ubuntu client at /usr/share/ca- certificates/server.pem. The file has been made world readable. At /etc/ldap.conf the certificate has been pointed to accordingly: TLS_CACERTFILE /usr/share/ca-certificates/server.pem A dedicated bind account has been created in the LDAP server and this has been specified in /etc/ldap.conf with the bind password recorded at /etc/ldap.secret PAM configuration files at /etc/pam.d have been modified to contain the following, in order common-account, common-auth, common-password and common-session: account sufficientpam_ldap.so account required pam_unix.so authsufficientpam_ldap.so authrequired pam_unix.so nullok_secure use_first_pass passwordsufficientpam_ldap.so nullok passwordrequired pam_unix.so nullok obscure min=4 max=8 md5 session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_unix.so session optional pam_ldap.so /etc/nsswitch.conf has been modified accordingly to contain the following information: passwd: files ldap group:files ldap shadow: files ldap LDAP users can log in to the client successfully, and home directories are created automatically. In LDAP, my test user accounts have been assigned the gidNumber attribute value of 119 (admin). 2) What I expect to happen As local administrator (note *not* as an LDAP user), I expect to be able to launch a Gnome application such as Ubuntu Software Center and have Policykit validate my credentials correctly such that I can install or remove applications (or otherwise perform administrative tasks). 3) What happened instead Logging in to the system as a local administrator, I can launch Ubuntu Software Center. Upon (for example) attempting to install an application, I am prompted for my credentials. I enter these (the same credentials used to log into the system), but they are rejected with an "Authentication Failure" error. 4) Additional information Using my Virtualbox host with a combination of snapshots, I have determined that this oddity appears specifically in this scenario when secure LDAP is configured on the client. If I modify /etc/ldap.conf and use plain LDAP, i.e. an insecure connection to my OpenDJ server without a certificate, then logged in to the test client as a local administrator I can successfully authenticate to Ubuntu Software Center. In either scenario, using Synaptic with the same credentials as local administrator poses no problem. Policykit version details: $ apt-cache policy policykit-1 policykit-1: Installed: 0.96-2ubuntu0.1 Candidate: 0.96-2ubuntu0.1 Version table: *** 0.96-2ubuntu0.1 0 500 http://nz.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages 100 /var/lib/dpkg/status 0.96-2 0 500 http://nz.archive.ubuntu.com/ubuntu/ lucid/main Packages ** Affects: policykit-1 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/892480 Title: PAM with LDAPS breaks authentication via Policykit to Gnome applications as local administrator To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/892480/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 568748] Re: polkit-gnome-authentication-agent-1 not started on login
Hi Milan, I have since discovered this is a very strange issue with the version of OpenDJ I am running for my directory server, possibly in conjunction with the OpenIndiana host it's running on. I have set up a separate copy of OpenDJ of the same version but running on an Ubuntu host, and with identical settings in my test Ubuntu client except to alter /etc/ldap.conf to point to the second LDAP server, Policykit for LDAP users consistently runs successfully on login. I wouldn't know what the heck is going on here, but I'll follow up with the OpenDJ folks for a start. Thanks for your help. Cheers, Dave -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/568748 Title: polkit-gnome-authentication-agent-1 not started on login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 568748] Re: polkit-gnome-authentication-agent-1 not started on login
Hi Milan, Thanks, and good call. I've cleared out the LDAP user's home directory, and also cleared out /etc/skel from where home directory information was being populated. What I have now is a fresh home directory created on login, and the Policykit agent is still not running once logged in: dave@ubuntu-desktop:~$ ps -ef | grep policy root 1032 1 0 23:21 ?00:00:00 /usr/lib/policykit-1/polkitd dave 1414 1401 0 23:30 pts/000:00:00 grep policy I have then proceeded to run the agent manually under the same LDAP account login: dave@ubuntu-desktop:~$ /usr/lib/policykit-1-gnome/polkit-gnome- authentication-agent-1 (polkit-gnome-authentication-agent-1:1422): GLib-GObject-WARNING **: cannot register existing type `_PolkitError' (polkit-gnome-authentication-agent-1:1422): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed In spite of the errors, the agent appears to run (no further error output in the terminal window from which the command is running), and I am prompted for authentication when using Ubuntu Software Center to attempt to install and application for example. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/568748 Title: polkit-gnome-authentication-agent-1 not started on login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 568748] Re: polkit-gnome-authentication-agent-1 not started on login
Hi, I have the same or very similar issue on a test Ubuntu 10.04 x86 (not AMD64) system running in a VirtualBox VM. In my case, the system has been patched, then modified lightly to use PAM and LDAP for user login authentication. I actually have another problem in that even when the Policykit agent is running, my valid admin credentials are rejected for desktop apps that use Policykit for authentication, but in the first instance I have a very similar issue as originally described here - the agent is not running automatically for my LDAP users. I can provide comprehensive information on how I have configured my test system, and if necessary it should be able to be reproduced fairly easily and quickly. My summary however is as follows. /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 is running for the local admin account login. For LDAP user logins however, it does not run automatically, and I have no autostart directory at all at ~/.config for my LDAP users. The agent can be started manually. I have attached the contents of a sample LDAP user's ~/.xession-errors file. Please let me know how best to handle this in terms of bug reporting, if I should file a new bug etc. Cheers, Dave ** Attachment added: "Xsession errors file contents for LDAP user" https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748/+attachment/2596320/+files/xsession-errors-2014.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/568748 Title: polkit-gnome-authentication-agent-1 not started on login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
