Not able to configure PAM services

Bug #1348251 reported by Jamie Strandboge
Affects | Status | Importance | Assigned to | Milestone
Light Display Manager | Fix Released | Medium | Robert Ancell |
1.10 | Fix Released | Medium | Unassigned |
lightdm (Ubuntu) | Fix Released | High | Robert Ancell |
Trusty | Fix Released | High | Unassigned |
Utopic | Fix Released | High | Robert Ancell |

Bug Description

[Impact]
No method to configure PAM services used (hard-coded to "lightdm"). This is required in some cases, e.g. when running Ubuntu on the phone we want to use a different PAM stack. By making this configurable the phone can have a package that overrides the default.

[Test Case]
1. Set a different PAM stack in the LightDM configuration:
 [SeatDefaults]
 pam-service=custom-service
2. Start LightDM
3. Log in
Expected result:
PAM modules in "custom-service" are run, user is logged in.
Observed result:
PAM modules in "lightdm" are run, user is logged in. (feature not yet supported)

[Regression Potential]
Low, fix is just replacing hard-coded values with a configuration lookup. Tested with regression tests.
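
A pre-flight check for step 1 of the test case, as an added example that is not part of the bug report or LightDM's own code: it resolves the effective pam-service from an ordered list of configuration files and confirms that a matching PAM stack file exists, since Linux-PAM uses the "other" service when none does. The file names under the temporary directory, the load order passed in, and the stack contents are constructed assumptions.

```python
import configparser
import tempfile
from pathlib import Path

DEFAULT_SERVICE = "lightdm"  # the value the report says was hard-coded


def effective_pam_service(conf_files):
    """Return the pam-service in effect, given config files in load order."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read([str(p) for p in conf_files])  # later files override earlier ones
    return parser.get("SeatDefaults", "pam-service", fallback=DEFAULT_SERVICE)


def audit(conf_files, pam_dir):
    """Check that the configured service maps to a real PAM stack file."""
    service = effective_pam_service(conf_files)
    findings = []
    if "/" in service or service in ("", ".", ".."):
        findings.append(f"pam-service {service!r} is not a plain service name")
    elif not (Path(pam_dir) / service).is_file():
        # Linux-PAM falls back to the "other" service when no file matches.
        findings.append(f"{pam_dir}/{service} missing: PAM falls back to 'other'")
    return service, findings


def demo():
    """Constructed layout mirroring the override file proposed in the report."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        conf_d, pam_d = root / "lightdm.conf.d", root / "pam.d"
        conf_d.mkdir()
        pam_d.mkdir()
        (pam_d / "lightdm").write_text("auth required pam_unix.so\n")
        base = conf_d / "50-base.conf"
        base.write_text("[SeatDefaults]\nallow-user-switching=true\n")
        phone = conf_d / "80-phone-pam-service.conf"
        phone.write_text("[SeatDefaults]\npam-service = lightdm-phone\n")
        results = {"default": audit([base], pam_d)}
        results["override_missing_stack"] = audit([base, phone], pam_d)
        # Constructed stack content; module options are illustrative only.
        (pam_d / "lightdm-phone").write_text("auth required pam_tally2.so deny=5\n")
        results["override_with_stack"] = audit([base, phone], pam_d)
        return results


if __name__ == "__main__":
    for name, (service, findings) in demo().items():
        print(name, service, findings or "ok")
```

On releases that have it, the `--show-config` option listed in the 1.10.2 changelog on this page shows the combined configuration, which is the authoritative source for the value this check resolves.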


Changed in lightdm (Ubuntu):
importance: Undecided → High
summary: - please make use of pam_tally2 with lightdm-greeter
+ please make use of pam_tally2 for Touch login and screenunlock
Robert Ancell (robert-ancell) wrote : Re: please make use of pam_tally2 for Touch login and screenunlock

The lock screen (in Unity) currently uses the lightdm PAM configuration, though this is likely to change in the future (bug 1305440).

Changed in lightdm (Ubuntu):
status: New → Triaged
Robert Ancell (robert-ancell) wrote :

When you say it's "not for the traditional Ubuntu desktop" do you mean this PAM module should not be used on Ubuntu desktop? i.e. we need different configuration for the phone than the desktop?

If we do need different configuration, a possible solution is to have a file /usr/share/lightdm/lightdm.conf.d/80-phone-pam-service.conf:
[SeatDefaults]
pam-service = lightdm-phone

Then have /etc/pam/lightdm-phone containing a different configuration.

Note we don't actually support configurable PAM services but this would be easy to add.

Robert Ancell (robert-ancell) wrote :

Configurable PAM services implemented in lp:~robert-ancell/lightdm/configurable-pam-service

Changed in lightdm (Ubuntu):
status: Triaged → Incomplete
Jamie Strandboge (jdstrand) wrote :

Right, I don't think we want to enable pam_tally2 on desktop at this time. We may want to as we move towards converged and people are using PINs as passwords. Your branch seems to handle this very well. lightdm can remain unchanged (except for this patch) on the desktop, and the ubuntu-touch-session package can ship the necessary files to incorporate pam_tally2.

Jamie Strandboge (jdstrand) wrote :

Thanks for your work on this!

Changed in lightdm:
importance: Undecided → Medium
status: New → Fix Committed
Changed in lightdm (Ubuntu):
status: Incomplete → In Progress
assignee: nobody → Robert Ancell (robert-ancell)
Changed in lightdm:
assignee: nobody → Robert Ancell (robert-ancell)
milestone: none → 1.11.5
Changed in lightdm:
status: Fix Committed → Fix Released
milestone: 1.11.5 → 1.8.8
milestone: 1.8.8 → 1.11.5
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.11.5-0ubuntu1

---------------
lightdm (1.11.5-0ubuntu1) utopic; urgency=medium

  * New upstream release:
    - Make PAM services configurable (LP: #1348251)
  * debian/guest-account:
  * debian/lightdm.install:
  * debian/rules:
  * debian/patches/05_translate_debian_files.patch:
    - Make the real name of a guest account translatable (LP: #1177713)
 -- Robert Ancell <email address hidden> Mon, 28 Jul 2014 13:40:46 +1200

Changed in lightdm (Ubuntu):
status: In Progress → Fix Released
Changed in ubuntu-touch-session (Ubuntu):
importance: Undecided → Critical
Michael Terry (mterry) wrote :

Huh, I thought we had a different bug about this, but I can't find it now.

I just wanted to note here that we found that pam_tally2 didn't have enough reporting to be useful to us. It couldn't tell the greeter (A) how many attempts were left to go or (B) when it was causing a punitive delay (vs a PAM delay for some other reason -- though the greeter could probably guess after a few seconds).

So we went with a tally kept in AccountsService. If we later figure out how to take more advantage of pam_tally2, we can always change backends. Losing existing tallies isn't a big deal.

Changed in ubuntu-touch-session (Ubuntu):
status: New → Invalid
Brian Murray (brian-murray) wrote : Missing SRU information

Thanks for uploading the fix for this bug report to -proposed. However, when reviewing the package in -proposed and the details of this bug report I noticed that the bug description is missing information required for the SRU process. You can find full details at http://wiki.ubuntu.com/StableReleaseUpdates#Procedure but essentially this bug is missing some of the following: a statement of impact, a test case and details regarding the regression potential. Thanks in advance!

description: updated
summary: - please make use of pam_tally2 for Touch login and screenunlock
+ No method to configure PAM services
description: updated
summary: - No method to configure PAM services
+ Not able to configure PAM services
Mathew Hodson (mhodson) wrote :

https://launchpad.net/ubuntu/+source/lightdm/1.10.3-0ubuntu2 is available in trusty-proposed.

---------------
lightdm (1.10.3-0ubuntu2) trusty; urgency=medium

  * Refresh patches

 -- Robert Ancell <email address hidden> Fri, 10 Oct 2014 21:24:51 +1300

lightdm (1.10.3-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - Fix crash when having configuration keys defined in multiple places
      (LP: #1377373)
    - Allow user switching in multi-seat until bug stopping greeter showing on
      logout is fixed
    - Don't access .dmrc files until information from these files is required
      (LP: #1370852)
    - Do timed autologin each time you are returned to the greeter
      (LP: #1302491)

 -- Robert Ancell <email address hidden> Thu, 09 Oct 2014 09:01:21 +1300

lightdm (1.10.2-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - Use logind to provide the list of seats to use. This is disabled unless
      logind-load-seats (in [LightDM] section) is set to true. This is the
      default behaviour in lightdm 1.12. (LP: #1190581)
    - Fix crash if running script hooks with non-X display servers.
      (LP: #1305006)
    - Add a seat option 'allow-user-switching' that can disable all user
      switching for that seat. (LP: #1350357)
    - Make PAM services configurable. (LP: #1348251)
    - Add liblightdm method to get user UID. (LP: #1370327)
    - Add a new session type 'mir-container' that allows the session to run
      inside a custom system compositor. (LP: #1359332)
    - Add --show-config option that shows combined configuration.
    - Use XDG_SESSION_ID from PAM instead of using the logind D-Bus API.
      (LP: #1364725)
    - Make socket writing code used between greeter and daemon more robust to
      errors.
    - Correct section name in default users.conf file.
    - Fix tests failing with Qt 5.3 due to it checking getuid/geteuid which we
      are faking.
    - Fix small memory leaks.
    - Test improvements

 -- Robert Ancell <email address hidden> Wed, 17 Sep 2014 16:27:53 +1200

Changed in lightdm (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Mathew Hodson (mhodson) wrote :

lightdm is available in the trusty-proposed repository and at https://launchpad.net/ubuntu/+source/lightdm/1.10.3-0ubuntu2 .

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Robert Ancell (robert-ancell) wrote :

Confirmed in 1.10.3-0ubuntu2

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.10.3-0ubuntu2

---------------
lightdm (1.10.3-0ubuntu2) trusty; urgency=medium

  * Refresh patches
 -- Robert Ancell <email address hidden> Fri, 10 Oct 2014 21:24:51 +1300

Changed in lightdm (Ubuntu Trusty):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson)
Changed in ubuntu-touch-session (Ubuntu Trusty):
status: New → Invalid
Mathew Hodson (mhodson)
no longer affects: ubuntu-touch-session (Ubuntu Utopic)
no longer affects: ubuntu-touch-session (Ubuntu Trusty)
no longer affects: ubuntu-touch-session (Ubuntu)
Changed in lightdm (Ubuntu Trusty):
importance: Undecided → High