Hi, I found this strange behaviour:
I am using NIS with shadow passwords.
If I try to login as a user through kdm I get "Login failed".
Other login managers (console login, xdm) are working correctly.
Note that once you manage to login (e.g. using xdm), the kde lock screen
will return a password failure as well.
kdm works fine for user "root".
I've also tried to disable NIS, create a "test" user and copy my encrypted
passwd to the "test" entry in the /etc/shadow file. kdm fails with "Login
failed" for user "test". I deduce NIS is not the problem.
Then I have assigned a locally generated passwd to "test". This was created
as an md5 passwd and kdm works correctly.
Is that some trouble with kde and non-md5 passwords?
Trying to narrow it down:
I have removed the kdebase, kdelibs and kdesupport that come with redhat 6.2 and
installed the older kde 1.1.2 packages I was using with Redhat 6.1:
With the old version I can login again.
I have noticed that if you comment out the line
auth required /lib/security/pam_shells.so
from the file "/etc/pam.d/kde", both kdm and klock will work correctly.
Now, why kde is using the "/lib/security/pam_shells.so" module? Any security
implications in my action?
IF your users shell is not listed in /etc/shells they won't be able to login.
MAke sure the COMPLETE path to your users shell is listed in /etc/shells and kdm
and klock should work.
It's a feature - users with a shell of /dev/null, /bin/false or anything else
that is not listed in /etc/shells aren't supposed to be able to log in.