Hide Forgot
Created attachment 574886 [details] gdm patch for PAM_RADIO_TYPE Description of problem: When a system is configured with pam_winbind, users can not log in via GDM when their password is within the password expiration notice period. When they attempt to login, they are kicked back out to the GDM greeter after displaying the expiration notice. This is because GDM does not handle the PAM message type PAM_RADIO_TYPE that GDM issues to ask the user if they want to change their password now. PAM_RADIO_TYPE is valid and this is not a bug with winbind; the problem is that GDM issues an assert in their switch statement for invalid messages types but does not handle all valid message types. I believe the best way to handle this is to make GDM just ignore the PAM_RADIO_TYPE messages. This results in behavior similar to other PAM modules with password expiration notices. The message is displayed for a couple of seconds and the login then continues. I am currently using this solution and it works fine. This could also be fixed in pam_winbind, but since I need to carry the patch until this is fixed in RHEL, gdm is less of a maintenance hassle than samba. Version-Release number of selected component (if applicable): gdm-2.30.4-33.el6_2 samba-winbind-3.5.10-114.el6 How reproducible: always Steps to Reproduce: 1. configure system for winbind 2. put user within a password expiration period 3. log in via GDM Actual results: password expiration notice is displayed, then the user is kicked back to the login prompt Expected results: message is displayed, user logs in Additional info: GNOME bug - https://bugzilla.gnome.org/show_bug.cgi?id=671106 Fedora bug - https://bugzilla.redhat.com/show_bug.cgi?id=709918 Samba bug - https://bugzilla.samba.org/show_bug.cgi?id=8691 Red Hat KB - https://access.redhat.com/knowledge/solutions/59904
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
pam_winbind was patched to fix this in 6.3.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. The official life cycle policy can be reviewed here: http://redhat.com/rhel/lifecycle This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL: https://access.redhat.com/