Bug 485727

Summary: Not able to unlock with cached credentials.
Product: [Fedora] Fedora Reporter: Patrik Martinsson <martinsson.patrik>
Component: gnome-screensaverAssignee: jmccann
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 11CC: collura, cschalle, cstpierr, jmccann, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-28 11:17:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Patrik Martinsson 2009-02-16 15:59:50 UTC 
Description of problem:
When trying to unlock the screensaver with cached credentials it doesnt unlock. I've seen dussins of theese kind of reports, and tried everything without success.However i came across the solution today, and i suspect that its easy to correct. 

As default the ccreds_chkpwd application is stored in /usr/sbin/, however gnome-screensavar (and also xscreensaver) seems to be looking for it in /sbin/. Couse as soon as i make a link (ln -s /usr/sbin/ccreds_chkpwd /sbin/) it works. 

ccreds_chkpwd is known as the PASSWD_HELPER_PROGRAM if i understand the source code correctly, and it seems to require at configurationtime an absolute path which is later transformed into an hardcoded path when the application is built ? 

When i look through the gnome-screensaver-2.24.1-2.fc10.src.rpm i cant rally find where you specify this path at all, so maybe im mistaken, althou the fact stays, if you make a link, the screensaver will unlock, otherwise it will not. 

We use the pam_krb5 to authenticate and pam_ccred when offline, this works fine at the login prompt and through gdm, therefore i make the conclusion that the pam configuration is correct. 


Version-Release number of selected component (if applicable):
gnome-screensaver-2.24.1-2 


How reproducible:
Try to use cached credentials with gnome-screensaver.


Steps to Reproduce:
1.
2.
3.
  
Actual results:
Telling me i have the wrong password. 

Expected results:
Letting me in, using cached credentials. (as both gdm and ttylogin does)

Additional info:
Comment 1 Chris St. Pierre 2009-08-11 00:23:11 UTC 
I have replicated this issue (and the proposed fix) on Fedora 11.
Comment 2 Bug Zapper 2009-11-18 12:45:56 UTC 
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Chris St. Pierre 2009-11-19 02:42:24 UTC 
As noted in my comment, this can be replicated on F11, so I've changed the version to 11.
Comment 4 collura 2010-02-09 21:35:43 UTC 
it sounds like this is similar to the issue i am having.


at some point the system screen saver kicks in as normal but on occasion the password to reactivate session is not accepted though believed to be correctly typed.

rebooted and password worked fine.  (seems to me the last time it happened i had to regenerate the password file from the outside but been a while and dont remember)

"no password available for user" ??

i have had similar problems with fc10 and fc11 intermitantly but often the reboot doesnt help and the system is locked until reinstall because didnt take time to resolve the actual question.

the following is an outtake from the security log:



Feb  9 15:11:38 q gnome-screensaver-dialog: gkr-pam: unlocked 'login' keyring
Feb  9 15:12:04 q unix_chkpwd[4194]: password check failed for user (xxxxxxx)
Feb  9 15:12:04 q gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=99999 euid=99999 tty=:0.0 ruser= rhost=  user=xxxxxxx
Feb  9 15:12:04 q gnome-screensaver-dialog: gkr-pam: unlocked 'login' keyring
Feb  9 15:12:26 q gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): conversation failed
Feb  9 15:12:26 q gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): auth could not identify password for [xxxxxxx]
Feb  9 15:12:26 q gnome-screensaver-dialog: gkr-pam: no password is available for user
Feb  9 15:15:59 q unix_chkpwd[4209]: password check failed for user (xxxxxxx)
Feb  9 15:15:59 q gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=99999 euid=99999 tty=:0.0 ruser= rhost=  user=xxxxxxx
Feb  9 15:15:59 q gnome-screensaver-dialog: gkr-pam: unlocked 'login' keyring
Feb  9 15:17:46 q sshd[1772]: Server listening on 0.0.0.0 port 22.
Comment 5 Bug Zapper 2010-04-27 12:58:54 UTC 
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 collura 2010-04-27 16:43:53 UTC 
i havent seen this issue in fc12 so hopefully its been squashed.

(no longer have fc10/fc11 test system, and fc13alpha is looking nice.)
Comment 7 Bug Zapper 2010-06-28 11:17:33 UTC 
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.