Summary: | gnome-base/gdm: broken pamd file causes sys-auth/pambase[ssh] not to allow unlocking | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Justin Lecher (RETIRED) <jlec> |
Component: | [OLD] GNOME | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | normal | CC: | fordfrog, pam-bugs+disabled, tiago |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Justin Lecher (RETIRED)
2010-11-18 13:59:55 UTC
Diego, Could this be a pam problem? Could, but: a) does it fail to unlock with gdm or with login(1)? b) do you have the same password set for both? c) what do you use for logging in, standard password or ssh key? d) please don't CC me directly, there is an alias, even though it only has two devs on it. (In reply to comment #2) > Could, but: > > a) does it fail to unlock with gdm or with login(1)? How can I test this? login into a virtual console? there it seems to work. > b) do you have the same password set for both? They are the same. I rechecked that. > c) what do you use for logging in, standard password or ssh key? I use standard login. I didn't change it. > d) please don't CC me directly, there is an alias, even though it only has two > devs on it. > Sorry for that. I wasn't aware that you are not the only pam dev. (In reply to comment #2) > Could, but: > > a) does it fail to unlock with gdm or with login(1)? > b) do you have the same password set for both? > c) what do you use for logging in, standard password or ssh key? But I added USE=ssh lately because I might want to try it. Will test to revert it. So confirmed, pam[ssh] breaks the unlocking. Are you logging in with your normal password or SSH? If the latter, then that's definitely the intended behaviour as you're not using a password acceptable for gnome-keyring… (In reply to comment #6) > Are you logging in with your normal password or SSH? If the latter, then that's > definitely the intended behaviour as you're not using a password acceptable for > gnome-keyring… > As the passwd are both the same I didn't know. A check with different passwords reveals, that I did log in with SSH and not the normal passwords. So using the normal passwd is alright. Okay so this happens to be … a GDM bug! If you look at the pambase way to integrate gnome-keyring, it is applied _before_ the system-auth chain… while GDM applies it _after_ the chain… Could bug #267130 be also related to this ? Could be… see why I said that GDM should follow pambase and not try to replace it? yes sure, however, on the weekend I tried to implement what you said in the other bug in gdm-2.32 and results are a bit strange to say the least. But I'll try that again when I've got my (real life) desk ready. I have no unlocking problems at all with Gnome 2.32 and gdm-2.20.11, with pambase-20101024 (with "pam_ssh" USE flag enabled) and pam_ssh-1.97-r2 Are you still having issues? (In reply to comment #12) > I have no unlocking problems at all with Gnome 2.32 and gdm-2.20.11, with > pambase-20101024 (with "pam_ssh" USE flag enabled) and pam_ssh-1.97-r2 > > Are you still having issues? > I tried the same versions as you did and it still fails. All passwords are the same, keyring is set as default. If pam_ssh.so is set to be sufficient for authentication and session the keyring is not unlocked, otherwise it is. I will try with pam_ssh*-r3 @gnome, the pam files installed by gdm are broken as hell if you didn't follow the various bug reports with diego. I'll work with him to fix the situation asap. OK, also looks today I am getting keyring problems after rebooting (sorry I didn't rebooted for testing this), will try to drop "pam_ssh" again I don't think gdm-2 will ever be fixed for pam bugs, maybe you should consider trying gdm-3 :/ What is the status of this with gdm-3? Please test again with gdm-3.8.3.1, we are using upstream pam file now, if still broken, we need to find the culprit and report to them also Thanks |