Version: unspecified (using KDE 4.4.0) OS: Linux Not implemented. from source /libs/kdm/kgreeterplugin.h /** * Contexts the talker can be used in: * - Login: kdm login dialog * - Shutdown: kdm shutdown dialog * - Unlock: kdm unlock dialog (TODO) * - ChangeTok: kdm password change dialog (TODO) * - ExUnlock: kdesktop_lock unlock dialog * - ExChangeTok: kdepasswd password change dialog (TODO) * * The Ex* contexts exist within a running session; the talker must know * how to obtain the currently logged in user (+ domain/realm, etc.) * itself (i.e., fixedEntity will be null). The non-Ex variants will have * a fixedEntity passed in. */ Reproducible: Always Steps to Reproduce: Attempt to login account with expired password Actual Results: Failed login Expected Results: Prompt to change password with success/failure message
you misunderstood the doc in the header. a forced password change which is part of the login process should work just fine. it just may be that the password is so much expired that PAM plain refuses to use it even just to change it. you'll need a root shell for that in any case (i.e., you'll get the same effect if you try to log in at the console, provided the kde PAM stack is configured the same as the login PAM stack). if there was an actual bug, you'd need to submit a (sys-)log from kdm -debug 15. details can be found in the kdm README.
*** Bug 245510 has been marked as a duplicate of this bug. ***
Hello, This happens also with new accounts that are set to change password on first login. Process works fine from login, gdm etc. Will try and produce the log for you.
Running kdm with -debug 15 doesn't seem to yield anything interesting in the log (attached). /var/log/secure (attached) reports that "password expired and user password change failed". We are using VAS for authentication against AD, but it appears the same happens for basic unix accounts. Incidentally, KDM does recognise that the password has expired because it says: "Your password has expired. Please follow the prompts to set a new password" As soon as you click OK on that pop-up, you get another which says: "New password is invalid" I've tried overwriting /etc/pam.d/kdm with /etc/pam.d/login and /etc/pam.d/gdm to no avail. GDM and login both work as expected.
Created attachment 49522 [details] KDM debug log
Created attachment 49523 [details] secure log sysName, username and domain have been changed for privacy reasons.
Created attachment 49524 [details] secure log sysname, user and domain has been changed for privacy reasons.
stephen, did you actually read the log file you posted? did you read the readme? did you read the hint in my previous message? how much more explicit do i have to be about kdm's usage of syslog?
Firstly, there's no need to be rude. I'm trying to be helpful by providing additional information. I don't have to. Referring to your first post responding to Johan, you write: "you misunderstood the doc in the header" What does "ChangeTok: kdm password change dialog (TODO)" mean if it's not yet to be implemented? I didn't include the syslog because KDM had put nothing of any relevance in there. The only line in fact is this: Jul 27 11:47:53 sysName kdm_greet[13829]: Cannot load /net/homes/user/.face: Permission denied Which I didn't feel was of great importance. If I've missed something or should be reading from some alternate log, please let me know and I'll be more than happy to post the appropriate snippets, assuming your reply doesn't come in the form of an insult.
the readme is pretty clear about what parts of syslog are interesting (and if you don't understand some terms from it, the first thing to try would be "man syslog"). do you really think that a single message at info level is all of kdm's debug output? doesn't it make you skeptical?
please reopen when you have useful syslogs.
KDM is unmaintained and not used in KDE Plasma 5. SDDM is the login manager used in KDE Plasma 5. If you still have this same issue with SDDM, please file an issue on the SDDM bugtracker (after doing a search for existing issues first!): https://github.com/sddm/sddm/issues/