Version: 4.6 (using KDE 4.6.2)
OS: Linux

Hello, I found a weird issue in my KDE 4.6.3. When I double-click in KDM on the username/name, the user gets logged in without the need of a password, even if in kdmrc it shouldn't allow it. The system is a Slackware-based distribution called Kongoni, and KDE is built using its own SlackBuild scripts. Please let me know if there is need for more information, and I would really love it if I would get a quick answer, as this is a security issue.

Reproducible: Always
are you sure you didn't configure password-less logins? NoPassEnable and NoPassUsers in kdmrc. alternatively, you could get the same effect by using pam_permit in /etc/pam.d/kde (or whichever service kdm is configured to use).
Here is the configuration for kdmrc and /etc/pam.d/kde. Don't think no pass is enabled.

kde.pam

#%PAM-1.0
auth required pam_nologin.so
auth required pam_permit.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
session required pam_limits.so

kdmrc

[General]
ConfigVersion=2.4
ConsoleTTYs=tty1,tty2,tty3,tty4,tty5,tty6
PidFile=/var/run/kdm.pid
ReserveServers=:1,:2,:3
ServerVTs=-7
StaticServers=:0
AuthDir=/var/run/kdm
GreeterUID=kdm
DataDir=/var/lib/kdm

[Shutdown]
BootManager=None
HaltCmd=/sbin/halt
RebootCmd=/sbin/reboot

[X-*-Core]
AllowNullPasswd=false
AllowRootLogin=false
AllowShutdown=All
AutoReLogin=true
ClientLogFile=.xsession-errors-%d
Reset=/usr/share/config/kdm/Xreset
Session=/usr/share/config/kdm/Xsession
SessionsDirs=/usr/share/config/kdm/sessions,/usr/share/apps/kdm/sessions
Setup=/usr/share/config/kdm/Xsetup
Startup=/usr/share/config/kdm/Xstartup

[X-*-Greeter]
AntiAliasing=true
ColorScheme=
FaceSource=AdminOnly
FailFont=Sans Serif,10,-1,5,75,0,0,0,0,0
ForgingSeed=1232728347
GUIStyle=
GreetFont=Serif,20,-1,5,50,0,0,0,0,0
GreetString=Welcome to %s at %n
GreeterPos=50,50
HiddenUsers=root
Language=en_US
LogoArea=Logo
LogoPixmap=/usr/share/icons/kongoni.png
MaxShowUID=65000
MinShowUID=1000
Preloader=/usr/bin/preloadkde
SelectedUsers=
ShowUsers=NotHidden
SortUsers=true
StdFont=Sans Serif,10,-1,5,50,0,0,0,0,0
Theme=/usr/share/apps/kdm/themes/KongoniSpring
UseBackground=true
UseTheme=true
UserCompletion=false
UserList=true

[X-:*-Core]
AllowNullPasswd=true
AllowShutdown=All
NoPassEnable=false
NoPassUsers=
ServerArgsLocal=-nolisten tcp -dpi 96
ServerCmd=/usr/bin/X -br -quiet

[X-:*-Greeter]
AllowClose=false
DefaultUser=
FocusPasswd=true
LoginMode=DefaultLocal
PreselectUser=None

[X-:0-Core]
AutoLoginEnable=false
AutoLoginLocked=false
AutoLoginUser=
ClientLogFile=.xsession-errors

[Xdmcp]
Enable=false
Willing=/usr/share/config/kdm/Xwilling
OK, I think I found the issue. This is wrong in /etc/pam.d/kde:

auth required pam_nologin.so
auth required pam_permit.so

should be:

auth required pam_nologin.so
auth required pam_unix.so
exactly. note that there should be _also_ a kde-np pam service (which is used for automatic and password-less logins), which must contain pam_permit for obvious reasons. presumably, the two files got mixed up during installation/configuration.
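The mix-up described in the comments above can be checked mechanically. The script below is an added example, not code from the thread's participants or from KDE: it flags a password service whose auth stack uses pam_permit.so and, going slightly beyond the case shown so far, also flags the two service files resolving to the same file. The function names and the sample files are constructed for illustration; only the service names kde and kde-np come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread's participants or KDE.
# Service names kde / kde-np come from the thread; the checks are a heuristic.

# Print the module of every auth line in a PAM service file.
auth_modules() {
    awk '$1 == "auth" || $1 == "-auth" {
             i = 2   # control field; [a=b c=d] controls span several fields
             if ($i ~ /^\[/) while (i <= NF && $i !~ /\]$/) i++
             print $(i + 1)
         }' "$1"
}

# $1 = service that must ask for a password, $2 = password-less service.
# Returns 0 if $1 looks sane, 1 if it would admit users unauthenticated.
check_kdm_pam() {
    rc=0
    # -ef: both names resolve to one file (symlink or hard link)
    if [ "$1" -ef "$2" ]; then
        echo "FAIL: $1 and $2 are the same file"; rc=1
    fi
    if auth_modules "$1" | grep -q 'pam_permit\.so$'; then
        echo "FAIL: $1 auth stack uses pam_permit.so"; rc=1
    fi
    if ! auth_modules "$2" | grep -q 'pam_permit\.so$'; then
        echo "NOTE: $2 lacks pam_permit.so, password-less login will fail"
    fi
    return "$rc"
}

# Constructed sample files reproducing the reported and the corrected state.
make_samples() {
    mkdir -p "$1/bad" "$1/good"
    printf '%s\n' '#%PAM-1.0' 'auth required pam_nologin.so' \
        'auth required pam_permit.so' 'account required pam_unix.so' > "$1/bad/kde"
    ln -s kde "$1/bad/kde-np"          # both names share one file
    printf '%s\n' '#%PAM-1.0' 'auth required pam_nologin.so' \
        'auth required pam_unix.so' 'account required pam_unix.so' > "$1/good/kde"
    printf '%s\n' '#%PAM-1.0' 'auth required pam_nologin.so' \
        'auth required pam_permit.so' > "$1/good/kde-np"
}

demo=$(mktemp -d)
make_samples "$demo"
check_kdm_pam "$demo/bad/kde" "$demo/bad/kde-np" || echo "bad layout rejected"
check_kdm_pam "$demo/good/kde" "$demo/good/kde-np" && echo "good layout accepted"
rm -rf "$demo"
```

On a real system the call would be check_kdm_pam /etc/pam.d/kde /etc/pam.d/kde-np, assuming kdm is configured to use those two services.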
Actually it got a bit more stupid than that: kde-np was linked to the kde pam setup, and the kde pam setup had what kde-np needed :)

On a different note, I got another issue with kdm, but this is not pam related:

klauncher(799) kdemain: No DBUS session-bus found. Check if you have started the DBUS server.
kdeinit4: Communication error with launcher. Exiting!
kdmgreet(793)/kdecore (K*TimeZone*): KSystemTimeZones: ktimezoned initialize() D-Bus call failed: "Not connected to D-Bus server"

Do I open a new ticket, or can I continue with this one?
always a new ticket. but unless this is causing real problems, it's just noise. kdelibs makes it increasingly hard to run in kdm's non-session environment, so cut it some slack.
So shall I take it that it's not an issue, just noise like you said, and it can be totally ignored?
yes