Bug 519294 - xrdp should use system-auth for PAM authentication
Summary: xrdp should use system-auth for PAM authentication
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: xrdp
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Itamar Reis Peixoto
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-26 00:03 UTC by Bojan Smojver
Modified: 2009-09-29 14:25 UTC (History)
1 user (show)

Fixed In Version: 0.5.0-0.5.20090811cvs.fc10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-15 21:02:51 UTC


Attachments (Terms of Use)

Description Bojan Smojver 2009-08-26 00:03:13 UTC
Description of problem:
Currently xrdp ships /etc/pam.d/xrdp-sesman file that relies on pam_unix. This should be changed to system-auth, so that regular authentication on the machine "just works".

Version-Release number of selected component (if applicable):
0.5.0-0.2.20090811cvs.fc11

How reproducible:
Always.

Steps to Reproduce:
1. Attempt to login to the machine over RDP where the account is not local account.
  
Actual results:
Authentication doesn't work.

Expected results:
Should work.

Additional info:
Two lines in /etc/pam.d/xrdp-sesman file should be:
-------------
auth    include system-auth
account include system-auth
-------------

Comment 1 Bojan Smojver 2009-08-26 00:06:46 UTC
BTW, it would also be good if default encryption level in xrdp.ini file was set to high.

Comment 2 Fedora Update System 2009-09-04 22:57:20 UTC
xrdp-0.5.0-0.3.20090811cvs.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.3.20090811cvs.fc11

Comment 3 Fedora Update System 2009-09-04 22:58:37 UTC
xrdp-0.5.0-0.3.20090811cvs.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.3.20090811cvs.fc10

Comment 4 Fedora Update System 2009-09-04 22:58:42 UTC
xrdp-0.5.0-0.3.20090811cvs.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.3.20090811cvs.el5

Comment 5 Fedora Update System 2009-09-04 22:58:46 UTC
xrdp-0.5.0-0.3.20090811cvs.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.3.20090811cvs.el4

Comment 6 Itamar Reis Peixoto 2009-09-04 22:59:23 UTC
please let me know if it's working now.

Comment 7 Fedora Update System 2009-09-06 20:37:35 UTC
xrdp-0.5.0-0.3.20090811cvs.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-9317

Comment 8 Fedora Update System 2009-09-06 20:47:11 UTC
xrdp-0.5.0-0.3.20090811cvs.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-9382

Comment 9 Bojan Smojver 2009-09-06 23:20:23 UTC
I'll repeat the comment here, because bodhi screwed it up.

The first two lines (not including the comment) from /etc/pam.d/xrdp-sesman should be removed:
-----------------
#%PAM-1.0
auth       required	pam_unix.so shadow nullok
account    required	pam_unix.so
auth    include system-auth
account include system-auth
-----------------

system-auth will already include everything that is required for successful authentication, according to whatever the administrator configured for the machine.

xrdp.ini file looks good.

Comment 10 Itamar Reis Peixoto 2009-09-08 06:11:20 UTC
(In reply to comment #9)

please tell me what /etc/pam.d/xrdp-sesman need's to have.

Comment 11 Bojan Smojver 2009-09-08 06:48:02 UTC
(In reply to comment #10)
> (In reply to comment #9)
> 
> please tell me what /etc/pam.d/xrdp-sesman need's to have.  

Just this:

#%PAM-1.0
auth    include system-auth
account include system-auth

Comment 12 Fedora Update System 2009-09-08 17:56:58 UTC
xrdp-0.5.0-0.5.20090811cvs.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.5.20090811cvs.fc11

Comment 13 Fedora Update System 2009-09-08 17:57:03 UTC
xrdp-0.5.0-0.5.20090811cvs.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.5.20090811cvs.el4

Comment 14 Fedora Update System 2009-09-08 17:57:08 UTC
xrdp-0.5.0-0.5.20090811cvs.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.5.20090811cvs.el5

Comment 15 Fedora Update System 2009-09-08 17:57:13 UTC
xrdp-0.5.0-0.5.20090811cvs.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/xrdp-0.5.0-0.5.20090811cvs.fc10

Comment 16 Fedora Update System 2009-09-08 22:58:42 UTC
xrdp-0.5.0-0.5.20090811cvs.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0396

Comment 17 Fedora Update System 2009-09-08 22:58:56 UTC
xrdp-0.5.0-0.3.20090811cvs.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0400

Comment 18 Fedora Update System 2009-09-08 23:00:26 UTC
xrdp-0.5.0-0.3.20090811cvs.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0404

Comment 19 Fedora Update System 2009-09-08 23:00:37 UTC
xrdp-0.5.0-0.5.20090811cvs.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0409

Comment 20 Fedora Update System 2009-09-10 03:45:06 UTC
xrdp-0.5.0-0.5.20090811cvs.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-9449

Comment 21 Fedora Update System 2009-09-10 03:45:11 UTC
xrdp-0.5.0-0.5.20090811cvs.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-9450

Comment 22 Fedora Update System 2009-09-10 22:55:15 UTC
xrdp-0.5.0-0.5.20090811cvs.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0396

Comment 23 Fedora Update System 2009-09-10 22:57:29 UTC
xrdp-0.5.0-0.5.20090811cvs.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update xrdp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0409

Comment 24 Fedora Update System 2009-09-15 21:02:45 UTC
xrdp-0.5.0-0.5.20090811cvs.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2009-09-26 01:29:20 UTC
xrdp-0.5.0-0.5.20090811cvs.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2009-09-26 01:29:54 UTC
xrdp-0.5.0-0.5.20090811cvs.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2009-09-29 14:25:12 UTC
xrdp-0.5.0-0.5.20090811cvs.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.