"auth sufficient" case /etc/pam.d/common-auth: auth sufficient pam_usb.so auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so
Tom: knows his password and has the USB device John: does not know Tom's password or have the USB device Expected: To login as Tom, an user must know Tom's password or have the USB device either. Actual: == Tom logged out with the USB device plugged == [+0.00s] DEBUG: Logging to /var/log/lightdm/lightdm.log [+0.00s] DEBUG: Starting Light Display Manager 1.2.3, UID=0 PID=7727 <snip> [+0.85s] DEBUG: Activating VT 7 [+1.64s] DEBUG: Greeter start authentication for tom [+1.64s] DEBUG: Started session 7854 with service 'lightdm', username 'tom' [+1.87s] DEBUG: Session 7854 authentication complete with return value 0: Success [+1.87s] DEBUG: Authenticate result for user tom: Success [+1.91s] DEBUG: User tom authorized == Tom left from the PC with the unplugged USB device == == After a few minutes, John came at the PC then press Enter == [+107.87s] DEBUG: Greeter requests session ubuntu [+107.87s] DEBUG: Using session ubuntu [+107.87s] DEBUG: Stopping greeter <snip> [+108.54s] DEBUG: Starting session ubuntu as user tom == John can login as Tom without typing any password or having any USB device == That is undesired behavior. lightdm does not timeout authentication or check authenticate result again at real login. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1159457 Title: lightdm allows login with unplugged device needed for authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1159457/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
