[Bug 779408] New: Password to be set at next login / login without password do not work
https://bugzilla.novell.com/show_bug.cgi?id=779408 https://bugzilla.novell.com/show_bug.cgi?id=779408#c0 Summary: Password to be set at next login / login without password do not work Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: x86-64 OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: mike.catanzaro@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0 It is impossible to log in to a user account if the password login option is set to "choose password at next login" or "log in without password" in GNOME System Settings. Also, there are some selection issues with these options. After selecting "choose password at next login", if you then select "log in without password", your setting will be reverted. You can disable the account, but if you then select "log in without password", it will again revert to "choose password at next login". The only way to select "log in without password" at this point is to set a password anyway, then select "log in without password." Your selection will now be retained. (Though you'll still be unable to log in. ^^) Reproducible: Always Steps to Reproduce: 1. Go to System Settings -> User accounts and create a new user account for testing. 2. Select "log in without password" 3. Log out of your current account and attempt to log into the new account. 4. GDM will request a password, as if it doesn't realize you do not have one. (This might be intentional.) Leave the password field blank. An authentication failure will occur. 5. Log in to your original account and change the test account to "choose password at next login." 6. Log out and try to login to the test account. GDM will request a password as usual, without prompting for the creation of a new one. Enter anything (since you're supposed to be setting your password). An authentication failure will occur. 7. Log back into your original account and change the setting on the test accoutn to "log in without password". Wait about two seconds and the setting will revert to "choose password at next login." -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c1
David Liang
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0
It is impossible to log in to a user account if the password login option is set to "choose password at next login" or "log in without password" in GNOME System Settings.
Also, there are some selection issues with these options. After selecting "choose password at next login", if you then select "log in without password", your setting will be reverted. You can disable the account, but if you then select "log in without password", it will again revert to "choose password at next login". The only way to select "log in without password" at this point is to set a password anyway, then select "log in without password." Your selection will now be retained. (Though you'll still be unable to log in. ^^)
Reproducible: Always
Steps to Reproduce: 1. Go to System Settings -> User accounts and create a new user account for testing. 2. Select "log in without password" 3. Log out of your current account and attempt to log into the new account. 4. GDM will request a password, as if it doesn't realize you do not have one. (This might be intentional.) Leave the password field blank. An authentication failure will occur. 5. Log in to your original account and change the test account to "choose password at next login." 6. Log out and try to login to the test account. GDM will request a password as usual, without prompting for the creation of a new one. Enter anything (since you're supposed to be setting your password). An authentication failure will occur. 7. Log back into your original account and change the setting on the test accoutn to "log in without password". Wait about two seconds and the setting will revert to "choose password at next login."
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c2
--- Comment #2 from David Liang
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c3
--- Comment #3 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c4
David Liang
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c5
--- Comment #5 from David Liang
When I log in via tty1 after selecting "choose password at next login" I still get prompted for a password, but no password works, same as when trying to log in via GDM. (This time I forgot to make another user account first, so I had to log in as root to recover.)
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c6
--- Comment #6 from Michael Catanzaro
I saw the 'choose password at next login' bug as you described, the old password failed to work, password match failed in the underling pam module. But I cannot reproduce it anymore... Can you still be able to reproduce it? Any steps which I can following?
I've never yet seen this feature work. =/ Here is what I did to reproduce it just now: 1) Using my user account, create a new account: Full Name: Big Bird Username: bigbird 2) The account is initially disabled, so assign a password: Password: bigbird (Kind of surprised System Settings allowed that password, but whatever.) 3) Log out, attempt to log in to bigbird. - Attempt 1: GNOME never loads. This was probably random chance though. - Attempt 2: GNOME loads, all is well. 4) Log into main account, select bigbird in user account settings and select "choose password on next login." Log out. 5) Attempt to log in to bigbird. Type original password. gdm reports authentication failed! No way to log into bigbird until manually resetting his password. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c7
--- Comment #7 from Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c8
Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c9
--- Comment #9 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c10
--- Comment #10 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c11
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c12
--- Comment #12 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c13
Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c14
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c15
--- Comment #15 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c16
--- Comment #16 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c17
--- Comment #17 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c18
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c19
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c20
--- Comment #20 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c21
--- Comment #21 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c22
--- Comment #22 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c23
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c24
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c25
--- Comment #25 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c26
--- Comment #26 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c27
--- Comment #27 from Vincent Untz
I think that's this one. :-) I was just planning to reopen it after the maintenance update. Would it be better to make a new one?
(Should we assign it to the base system team?)
I think a new one would be better (as this one as lots of comments already). It should be assigned to the maintainer of pam (osc maintainer openSUSE:Factory pam) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c28
--- Comment #28 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c29
Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c30
--- Comment #30 from David Liang
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c31
--- Comment #31 from Vincent Untz
In Yast, the old password was preserved, the expire date was changed to '0'. In system setting (accountservice), the expire data was changed to '0', however old password was cleaned. Pam authenticated policy will verify the old password and ask the user to set the new password. In system setting, as the old password was cleaned, pam failed to authenticate the password.
Good point. It's probably a bug in accountsservice that it removes the old password first. This shouldn't be needed. The code to fix is http://cgit.freedesktop.org/accountsservice/tree/src/user.c#n1396 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c32
--- Comment #32 from Michael Catanzaro
From the code, the author supposes that the underlining pam module accepts an empty password input if the password preserved was null. Thus both the 'passwordless login' and 'set at next login' implementations are reasonable. I
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c33
--- Comment #33 from David Liang
The code to fix is http://cgit.freedesktop.org/accountsservice/tree/src/user.c#n1396
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c34
--- Comment #34 from Vincent Untz
Hi, I get some other opinions while reading this code.
I was just talking about the "set password at next login" option. Passwordless is a different matter, indeed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c35
--- Comment #35 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c36
--- Comment #36 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c37
--- Comment #37 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c38
--- Comment #38 from Vincent Untz
Vincent, I think it would be a good idea to just remove the broken UI for the time being -- does that sound good?
As long as the right fixes are being worked on for the long term, that's fine with me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c39
--- Comment #39 from Michael Catanzaro
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c40
--- Comment #40 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c41
--- Comment #41 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=779408
https://bugzilla.novell.com/show_bug.cgi?id=779408#c42
Benjamin Brunner
participants (1)
-
bugzilla_noreply@novell.com