Package: kdebase-bin Severity: normal
Subject: kdebase-bin: kcheckpass won't use ldap authentication without setuid Package: kdebase-bin Version: 4:3.3.2-1 Severity: normal -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (650, 'unstable'), (600, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.27-2-386 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages kdebase-bin depends on: ii kdelibs4 4:3.3.2-1 KDE core libraries ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libfam0c102 2.7.0-6 client library to control the FAM ii libgcc1 1:3.4.3-9 GCC support library ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii libidn11 0.5.2-3 GNU libidn library, implementation ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libpng12-0 1.2.8rel-1 PNG library - runtime ii libqt3c102-mt 3:3.3.3-8 Qt GUI Library (Threaded runtime v ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte ii libxrender1 0.8.3-7 X Rendering Extension client libra ii libxtst6 4.3.0.dfsg.1-10 X Window System event recording an ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4 compression library - runtime -- no debconf information More potentially useful stuff: ii libldap2 2.1.30-3 OpenLDAP libraries ii libnss-ldap 220-1 NSS module for using LDAP as a naming servic ii libpam-ldap 169-1 Pluggable Authentication Module allowing LDA ii kdebase-bin 3.3.2-1 KDE Base (binaries) ii libpam-modules 0.76-22 Pluggable Authentication Modules for PAM ii libpam-runtime 0.76-22 Runtime support for the PAM library ii libpam0g 0.76-22 Pluggable Authentication Modules library This may somewhat relate to bug #212212... It looks like it is a known issue with kcheckpass and ldap authentication that kcheckpass needs to be setuid. See http://lists.fini.net/pipermail/ldap-interop/2005-January/000208.html and search for kcheckpass. kscreensaver invokes kcheckpass like so: kcheckpass -c kscreensaver -m classic -S 13 This results in: Communication breakdown on write Once kcheckpass is setuid it works. According to the post referenced above, the real fix is to write a setuid wrapper to access the credentials cache. I don't know if debian is even using that cache; I can't find it. Regardless, kcheckpass will fail when ldap authentication is used currently. Adding the setuid bit fixes it. This should probably be considered a workaround until a safer, more permanent fix is found. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (650, 'unstable'), (600, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.27-1-386 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
