[kde] [Bug 351379] KDE Screenlock on Opensuse Tumbleweed does not accept correct password for user X (but for user root)
Wolfgang Bauer
wbauer at tmo.at
Thu Aug 20 16:52:26 BST 2015
https://bugs.kde.org/show_bug.cgi?id=351379
--- Comment #5 from Wolfgang Bauer <wbauer at tmo.at> ---
(In reply to Tom from comment #3)
> Indeed, I upgraded from 13.2 to Tumbleweed. However, the thread you posted,
> is long.
The problem is not in upgrading from 13.2 to Tumbleweed, but upgrading from
earlier versions.
Unlocking does not work when pam_unix2.so is used in the PAM config.
Since 13.1 pam_unix.so is the default, but if you upgraded from earlier
versions at some point you might still use pam_unix2.so.
> What do I have to do exactly?
There are two possibilities:
- change the PAM config in /etc/pam.d/ to use pam_unix.so instead of
pam_unix2.so. Actually you should have some *.rpmnew files in there, overwrite
the original files with those.
OR:
- make /usr/lib64/lib64/libexec/kcheckpass suid root:
sudo chmod +s /usr/lib64/lib64/libexec/kcheckpass
It then has the necessary privileges for checking the password in any case.
The latter has been declined by the security team though, and the former cannot
be fixed really, as updates/upgrades should not change user (or administrator)
configs.
(In reply to Tom from comment #4)
> How can such a severe and security-related bug find its way into Tumbleweed ?
This is no sever and security-related bug.
Actually on a fresh Tumbleweed installation (as well as on a fresh 13.1 or 13.2
installation), it should work as intended.
The problem is an outdated configuration, caused by upgrading.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Unassigned-bugs
mailing list