126152 – Cannot authenticate on a LDAP directory

Bug 126152 - Cannot authenticate on a LDAP directory

Summary: Cannot authenticate on a LDAP directory

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kscreensaver
Classification:	Miscellaneous
Component:	kcheckpass (show other bugs)
Version:	unspecified
Platform:	Fedora RPMs Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kscreensaver bugs tracking

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-04-24 09:45 UTC by aurelien grosdidier
Modified:	2008-05-19 17:32 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description aurelien grosdidier 2006-04-24 09:45:18 UTC

Version:           packaged with 3.5.2-0.2.fc5 (using KDE KDE 3.5.2)
Installed from:    Fedora RPMs
OS:                Linux

The default installation of kdebase, kcheckpass cannot authenticate vs a LDAP directory. One of the consequence is that one cannot unlock its screensaver.

The fix is to chmod +s `which kcheckpass`, as described in http://lists.debian.org/debian-qt-kde/2005/03/msg00044.html.

Comment 1 Oswald Buddenhagen 2006-04-24 18:43:29 UTC

you wouldn't believe it, but we actually do this. :)
please report a packaging bug against fedora.

Comment 2 Tim 2006-07-05 17:13:38 UTC

Oswald,

the setuid mask causes the problem if you uses pam_krb5 for pam backends to authenticate.

------- Relevant /var/log/messages ------
Jun 21 10:45:02 xt23 kcheckpass: pam_krb5[27538]: TGT verified using key for
'host/xt23.mth.udmn.de@MTH.UDMN.DE'
Jun 21 10:45:02 xt23 kcheckpass: pam_krb5[27538]: authentication succeeds for
'mad' (mad@MTH.UDMN.DD)
Jun 21 10:45:02 xt23 kcheckpass: pam_krb5[27538]: won't refresh credentials
while running setuid/setgid


Do you know why pam_ldap requires root priviliges? It seems a conflict here.