Summary: | x11-apps/xdm ships invalid pam.d file, should use system-local-login to use pam_ck_connector (among others) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Thomas <tg42> |
Component: | Current packages | Assignee: | Gentoo X packagers <x11> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | billie, pam-bugs+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Thomas
2011-01-23 18:54:37 UTC
For xdm you need to edit /etc/pam.d/system-login and remove 'nox11' from pam_ck_connector.so line. This is bug 342345. So propably a duplicate of that bug, but need output of 'ck-list-sessions' to verify. (In reply to comment #1) > For xdm you need to edit /etc/pam.d/system-login and remove 'nox11' from > pam_ck_connector.so line. This is bug 342345. I will try that. > So propably a duplicate of that bug, but need output of 'ck-list-sessions' to > verify. Session1: unix-user = '100' realname = 'Thomas' seat = 'Seat2' session-type = '' active = FALSE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '' remote-host-name = '' is-local = FALSE on-since = '2011-01-23T17:44:07.115186Z' login-session-id = '4294967295' is-local = FALSE. Very interesting. Oops. I missed "WINDOWMANAGER=/usr/bin/xfce4-session" in your original post. That is not supported. Launching by 'exec ck-launch-session startxfce4' is, see [1] startxfce4 does a lot more than what plain xfce4-session does, like executing dbus-session if missing, running correct export's for the menu etc. [1] http://www.gentoo.org/doc/en/xfce-config.xml I'm not happy to refer you into forums, an unofficial documentation, but this has been working well for people: https://forums.gentoo.org/viewtopic-t-858965-highlight-.html Thanks a lot for your quick help! (In reply to comment #3) > Oops. I missed "WINDOWMANAGER=/usr/bin/xfce4-session" in your original post. > That is not supported. > Launching by 'exec ck-launch-session startxfce4' is, see [1] I tried it, but it didn't change the problem, in fact. The process tree looks slightly different (gvfsd was started), but my ck-session is still non-local: Session2: unix-user = '100' realname = 'Thomas' seat = 'Seat3' session-type = '' active = FALSE x11-display = ':0' x11-display-device = '/dev/tty7' display-device = '' remote-host-name = '' is-local = FALSE on-since = '2011-01-23T19:24:12.747806Z' login-session-id = '4294967295' I also removed the nox11 entry from pam.d/system-login. Do i have to restart xdm to make this effective? (I will try this next, anyway.) > [1] http://www.gentoo.org/doc/en/xfce-config.xml Well, my xfce configuration is different. I especially would like to avoid policykit, which always started to make things more complicated (this is another bug report, though) and pulls in even more garb... err... packages i don't need. This requires me to unset udev (which i don't seem to miss, although udevd is there and started). Should i unset hal as well? BTW: one of the recent emerge messages stated that "policykit is dead" (good news in my ears / eyes). Does this also yield for the xfce4 universe? looks like xdm's ebuild is invalid too. it should have: pamd_mimic system-local-login xdm auth account session just like x11-misc/slim moving to x11@ maintainers so they can fix the xdm ebuild (In reply to comment #6) > looks like xdm's ebuild is invalid too. it should have: This was the very point, thanks a lot! > pamd_mimic system-local-login xdm auth account session pam.d/xdm includes system-auth instead of system-{,local-}-login. Since pam_mail and pam_motd don't make sense on an xdm login, i added the missing lines to pam.d/xdm (marked with a * below): #%PAM-1.0 auth required pam_nologin.so auth include system-auth auth optional pam_gnome_keyring.so * auth optional pam_mount.so account include system-auth password include system-auth password optional pam_gnome_keyring.so * session optional pam_loginuid.so * session required pam_env.so * session include system-auth session optional pam_ck_connector.so * session optional pam_gnome_keyring.so auto_start * session optional pam_mount.so Thanks a lot, now logout /shutdown works fine again! (In reply to comment #7) > (In reply to comment #6) > > looks like xdm's ebuild is invalid too. it should have: > > This was the very point, thanks a lot! It was not, i checked it on the wrong machine. > > pamd_mimic system-local-login xdm auth account session I simply tried to ln -s system-local-login xdm. This made xdm crash on login (some segfault). Using the pam file abv WITHOUT the pam_env.so allowed for login, but the problem (timeout on CanStop) was still present. Updating to xdm 1.1.10 enabled me to login using both, the soft-linked system-local-login as well as the xdm file abv. Now ck-list-sessions reports an active local session, this does not help with logout, however. So i suspect, this is not an xdm problem. I finally found a fix. Switching off the consolekit USE flag of xfce4-session gets rid of the delay before the logout popup. Entering xfsm-shutdown-helper into the sudoers file (correcting the directory to /usr/lib64/xfce4/session/xfsm-shutdown-helper in my case) re-enabled shutdown. Err... back to Comment #6 and this is the fix for it: +*xdm-1.1.10-r1 (24 Jan 2011) + + 24 Jan 2011; Samuli Suominen <ssuominen@gentoo.org> +xdm-1.1.10-r1.ebuild: + Use pam.eclass to generate system-local-login based pam.d file instead of + using custom pam.d file. This is required to get pam_loginuid and + pam_ck_connector from pambase wrt #352526. - Fiddling with pam.d/system-login and removing nox11 is still required wrt bug 342345. - Using ck-launch-session to start Xfce is also required (obviously ...) (In reply to comment #10) > Err... back to Comment #6 and this is the fix for it: Maybe i should not have closed this bug so quickly. Setting up xdm the way you propose still does not get xfce4-session a response from consolekit daemon. (Or whom ever it asks), cf. Comment #8. Disabling the consolekit flag obviously stops xfce4-session asking, what solves my problem (i don't know why i should use ConsoleKit, anyway). However, xfce4-session[consolekit] has a bug. |