245421 – can't change expired password with kdm

Bug 245421 - can't change expired password with kdm

Summary: can't change expired password with kdm

Status:	RESOLVED UNMAINTAINED

Alias:	None

Product:	kdm
Classification:	Miscellaneous
Component:	general (show other bugs)
Version:	unspecified
Platform:	Fedora RPMs Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdm bugs tracker

URL:
Keywords:

Duplicates (1):	245510 (view as bug list)
Depends on:
Blocks:

Reported:	2010-07-22 11:32 UTC by johan.vandendorpe
Modified:	2018-04-16 20:22 UTC (History)
CC List:	5 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
KDM debug log (1.59 KB, text/x-log) 2010-07-27 12:57 UTC, Stephen Willey	Details
secure log (258 bytes, application/octet-stream) 2010-07-27 12:58 UTC, Stephen Willey	Details
secure log (258 bytes, text/plain) 2010-07-27 12:59 UTC, Stephen Willey	Details
Show Obsolete (1) View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description johan.vandendorpe 2010-07-22 11:32:34 UTC

Version:           unspecified (using KDE 4.4.0) 
OS:                Linux

Not implemented.

from source /libs/kdm/kgreeterplugin.h

    /**
     * Contexts the talker can be used in:
     * - Login: kdm login dialog
     * - Shutdown: kdm shutdown dialog
     * - Unlock: kdm unlock dialog (TODO)
     * - ChangeTok: kdm password change dialog (TODO)
     * - ExUnlock: kdesktop_lock unlock dialog
     * - ExChangeTok: kdepasswd password change dialog (TODO)
     *
     * The Ex* contexts exist within a running session; the talker must know
     * how to obtain the currently logged in user (+ domain/realm, etc.)
     * itself (i.e., fixedEntity will be null). The non-Ex variants will have
     * a fixedEntity passed in.
     */


Reproducible: Always

Steps to Reproduce:
Attempt to login account with expired password

Actual Results:  
Failed login

Expected Results:  
Prompt to change password with success/failure message

Comment 1 Oswald Buddenhagen 2010-07-27 11:58:19 UTC

you misunderstood the doc in the header. a forced password change which is part of the login process should work just fine. it just may be that the password is so much expired that PAM plain refuses to use it even just to change it. you'll need a root shell for that in any case (i.e., you'll get the same effect if you try to log in at the console, provided the kde PAM stack is configured the same as the login PAM stack).
if there was an actual bug, you'd need to submit a (sys-)log from kdm -debug 15. details can be found in the kdm README.

Comment 2 Oswald Buddenhagen 2010-07-27 12:24:01 UTC

*** Bug 245510 has been marked as a duplicate of this bug. ***

Comment 3 johan.vandendorpe 2010-07-27 12:28:19 UTC

Hello,

This happens also with new accounts that are set to change password on first login. Process works fine from login, gdm etc.

Will try and produce the log for you.

Comment 4 Stephen Willey 2010-07-27 12:56:09 UTC

Running kdm with -debug 15 doesn't seem to yield anything interesting in the log (attached).

/var/log/secure (attached) reports that "password expired and user password change failed".  We are using VAS for authentication against AD, but it appears the same happens for basic unix accounts.

Incidentally, KDM does recognise that the password has expired because it says:

"Your password has expired.  Please follow the prompts to set a new password"

As soon as you click OK on that pop-up, you get another which says:

"New password is invalid"

I've tried overwriting /etc/pam.d/kdm with /etc/pam.d/login and /etc/pam.d/gdm to no avail.  GDM and login both work as expected.

Comment 5 Stephen Willey 2010-07-27 12:57:08 UTC

Created attachment 49522 [details]
KDM debug log

Comment 6 Stephen Willey 2010-07-27 12:58:12 UTC

Created attachment 49523 [details]
secure log

sysName, username and domain have been changed for privacy reasons.

Comment 7 Stephen Willey 2010-07-27 12:59:25 UTC

Created attachment 49524 [details]
secure log

sysname, user and domain has been changed for privacy reasons.

Comment 8 Oswald Buddenhagen 2010-07-27 14:26:20 UTC

stephen, did you actually read the log file you posted? did you read the readme? did you read the hint in my previous message? how much more explicit do i have to be about kdm's usage of syslog?

Comment 9 Stephen Willey 2010-07-27 15:17:59 UTC

Firstly, there's no need to be rude.  I'm trying to be helpful by providing additional information.  I don't have to.  Referring to your first post responding to Johan, you write:

"you misunderstood the doc in the header"

What does "ChangeTok: kdm password change dialog (TODO)" mean if it's not yet to be implemented?


I didn't include the syslog because KDM had put nothing of any relevance in there.  The only line in fact is this:

Jul 27 11:47:53 sysName kdm_greet[13829]: Cannot load /net/homes/user/.face: Permission denied

Which I didn't feel was of great importance.

If I've missed something or should be reading from some alternate log, please let me know and I'll be more than happy to post the appropriate snippets, assuming your reply doesn't come in the form of an insult.

Comment 10 Oswald Buddenhagen 2010-07-27 19:53:25 UTC

the readme is pretty clear about what parts of syslog are interesting (and if you don't understand some terms from it, the first thing to try would be "man syslog"). do you really think that a single message at info level is all of kdm's debug output? doesn't it make you skeptical?

Comment 11 Oswald Buddenhagen 2010-09-11 16:12:07 UTC

please reopen when you have useful syslogs.

Comment 12 Nate Graham 2018-04-16 20:22:10 UTC

KDM is unmaintained and not used in KDE Plasma 5.

SDDM is the login manager used in KDE Plasma 5. If you still have this same issue with SDDM, please file an issue on the SDDM bugtracker (after doing a search for existing issues first!): https://github.com/sddm/sddm/issues/