Bug 182623

Summary: kdm doesn't obey PAM Application Developers Guide
Product: [Unmaintained] kdm Reporter: Wolfgang Ullrich <w.ullrich>
Component: generalAssignee: kdm bugs tracker <kdm-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: normal CC: marc.collin, mstl
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Wolfgang Ullrich 2009-01-31 20:29:27 UTC 
Version:            (using KDE 4.1.3)
OS:                Linux
Installed from:    Ubuntu Packages

While user login kdm calls "pam_authenticate" _after_ prompting the user for name and/or password which contradicts the recommendation of the documentation (PAM ADG). It reads in chapter 2: "It is important to note that the application must leave all decisions about when to prompt the user at the discretion of the PAM library."

The current implemetation of kdm first prompts the user for his name and in some cases for his password and then it calls "pam_authenticate". This makes it impossible to use alternate authentication methods like smart cards or biometric processes to identify and/or authenticate a user.

The correct behavior would be to first call pam_authenticate and then await a callback from PAM's "conversation function" in case a "normal" authentication by keyboard is configured. That would make e.g. fingerprint login by PAM modules like "Fingerprint GUI" make possible in the same way they work with gdm.
Comment 1 Wolfgang Ullrich 2009-01-31 20:38:18 UTC 
The same behavior has been seen from kscreensaver.
Comment 2 Oswald Buddenhagen 2009-02-02 20:17:46 UTC 
doesn't look like it at first sight, but it *is* the same ...

*** This bug has been marked as a duplicate of bug 105631 ***
Comment 3 Dan Gherman 2010-07-26 19:12:40 UTC 
*** This bug has been confirmed by popular vote. ***
Comment 4 Marc Collin 2013-05-19 10:49:54 UTC 
i confirm it
Comment 5 mstl 2014-01-17 11:49:07 UTC 
Please fix that problem. We are waiting for a long time now. If I can help -> let me know!

tx in advance!