[Touch-packages] [Bug 1195039] Re: Whitespaces in login name cause authentication problems

Wed, 10 Sep 2014 21:57:07 -0700 

Things worth checking:

a) If the LDAP server indicates in some way the correct unix username
for that account then make sure pam_ldap is correctly setting PAM_USER
it to this value (so other modules will use it).

b) If it is expected behaviour that the LDAP server ignores whitespace
then libpam-ldap should pre-strip the whitespace itself and update the
PAM_USER value.


** Also affects: unity-greeter (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: unity-greeter (Ubuntu)
       Status: New => Invalid

** Changed in: unity-greeter (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1195039

Title:
  Whitespaces in login name cause authentication problems

Status in Light Display Manager:
  Invalid
Status in “libpam-ldap” package in Ubuntu:
  Triaged
Status in “lightdm” package in Ubuntu:
  Invalid
Status in “unity-greeter” package in Ubuntu:
  Invalid

Bug description:
  This is an Ubuntu 12.04.2 LTS deployment in an university lab environment. 
The university is in a transition setup, where student ids are provided both 
through an Active Directory, as well as LDAP. 
  So identification goes through both layers, first krb5 and then ldap. 
However, a home directory gets mounted via krb5.

  Behavior: if user types a whitespace (or more) at the beginning or the
  end of the username, lightdm takes that string literally and runs it
  through authentication. The confusion here was that while krb5 refuses
  to authenticate the string (which doesn't exist as a user), ldap
  strips the whitespaces and it happily authenticates the userid. The
  user gets in, but they don't have a home mounted.

  Is there any reason why leading whitespaces and trailing whitespaces
  are not being stripped out of the usernames? That would be of great
  help to our users here. The white space is just the natural way of
  waking up a dormant machine, so users do it frequently. It is also
  difficult to educate a large crowd about this issue, especially with
  the double authentication that behaves differently.

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1195039/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to