All ebuilds for gdm currently require pam installed rather than only requiring when pam USE flag is set. This results in gdm not working on pam-less systems by disallowing anyone to login. Manually deleting this dependancy allows gdm to compile and users to log in. Reproducible: Always Steps to Reproduce: System is 100% pam-less. "-pam" in USE. Used trick described in http://forums. gentoo.org/viewtopic.php?t=24522 to remove pam after it was installed after emerge system.
you cannot have a 'pam-less' system when using gdm at this time, so that's a bit of a non-argument. I'm not sure there's a working configure switch for pam in gdm or if it's a good idea to have a pam-less gdm altogether. We should look into this before we proceed.
To clarify, I do have pam-less systems. This has so far been acheieved by manually removing pam and pam-login from /etc/make.profile/packages before emerging system and after an emerge sync, specifying "-pam" in use flags and manually editing gdm configs to remove pam dependancy. Also, after emerging gdm I have manually removed the /etc/pam.d and /etc/security folders created by the ebuild. After further investigation I have found that gdm-2.4.1.7-r1 does work, but only for local users and not for users accessed via ypbind. This problem does not occur using gdm-2.4.4.7 which has so far worked flawlessly (tho a proper test would need many more days of usage). I have yet to test out gnome 2.6 but will do hopefully soon. However, pam is kinda forced upon people at installation, there appears a slightly complex nature of pam/gdm integration and there is probably only a handfull of gentoo users who do not wish to use pam. So I appreciate that this is probably not worth huge amounts of time and efforts should probably be spent on more pressing issues.
well, there is a switch now obviously. Care to make a patch (this goes a bit further than a switch alone). Altough i'm still not sure if it's a good idea to go about gdm 'pam-less'
no reply, reopen if needed (with patch)
Created attachment 41258 [details] proposed ebuild
Created attachment 41259 [details, diff] auxilary patch
*** Bug 66607 has been marked as a duplicate of this bug. ***
reopen as there is now a patch for testing
ok had some time to look at this, why the makefile patches i wonder ? Those files are not of any influence on a pamless sys are they...
It does not look like GDM package has an explicit --no-pam switch or something equivalent (--with-pam=no or anything working). Instead, they check presence of pam headers at a fixed location /usr/include/security/, and make decision if to compile pam in or not based on that. Bad practice. So if you have system that is already completely free from pam then you can go without the makefile patches, yes. But if sys-libs/pam already installed (is it installed by default somewhere while progressing from stage1 to stage 2/3?), and you (re)compile gdm with flag -pam with the stock makefiles the pam still gets compiled in, and then when you remove sys-libs/pam from system (as result of emerge --depclean or whatever), you end up with non-working gdm. To avoid that, the makefile patches ensure smooth and pleasant gentoo user experience in any case.
It just installs a bunch of files, if it was a detection problem, you should've fixed up configure.in .
gdm-2.6.0.6 has "--enable-authentication-scheme=auto/pam/crypt/shadow" configure option. It should be easy to build gdm without pam now.
yes, if you checked the proposed ebuild you could've seen it is already used. My question is about the makefile patches and their need, I want to get that cleared up. I don't have such a setup, I can't test it.
Created attachment 54480 [details, diff] gdm-2.6.0.7.ebuild-nopam.patch I have currently gdm installed with a pam-less system using only this patch. While I was emergeing I had pam installed from the previous gdm install: newkid gdm # qpkg -I -v sys-libs/pam sys-libs/pam-0.78-r2 * however newkid gdm # ldd /usr/bin/gdm* | grep -c pam 0 so apparently the Makefils patch isn't needed.
The above works just fine here too. Without the above patch I cannot login with gdm. I have -pam in USE as well.
Created attachment 56494 [details, diff] Edited the above patch to seperate pam/no pam totally Please check line 33 and 42-53 of the patch for correctness. Thanks! Cheers Sebastian
Comment on attachment 56494 [details, diff] Edited the above patch to seperate pam/no pam totally
Created attachment 56495 [details, diff] Actual patch :-) Sorry, fscked it up. This is the one.
FWIW, I've just applied Sebastian's provided patch and installed the resulting gdm-2.6.0.7.ebuild on my pam-less system succesfully. As far as I can tell gdm is working fine on my system. Here is the gentoo forums link to the details if anyone is interested: http://forums.gentoo.org/viewtopic-p-2326744.html#2326744
Shouldn't this "bug" be closed? gdm-2.6.0.9 has hit portage some time ago (26th of April) and the ebuild honors the pam USE flag (and it's working here). Totally awesome! Thanks to foser! Cheers Sebastian
correct, thanks for the work & time put in here by the different contributors over time.