Bug#685783: [/etc/pam.d/gdm3] pam_succeed_if module force case-sensitive LDAP logins.

cosme at tegnix.com cosme at tegnix.com
Fri Aug 24 13:33:03 UTC 2012


Package: gdm3
Version: 2.30.5-6squeeze4

Hi!

I'm working on a Debian Squeeze system that connects to a LDAP server
using libpam-ldapd and libnss-ldapd.

If I use GDM with an account like 1234h (in the LDAP server exist an
account called 1234H) we can't connect.

Login with the real username 1234H works without any problem.

Removing the following line in /etc/pam.d/gdm3 file:

auth required pam_succeed_if.so user != root quiet_success

And then I can connect with both usernames.

So, the only way that I found to allow case-insensitive usernames and deny
root login was use pam_listfile module instead of pam_succeed_if:

auth required pam_listfile.so item=user sense=deny file=/etc/users.deny
onerr=succeed quiet

Where /etc/users.deny has root username as content.



More information about the pkg-gnome-maintainers mailing list