Summary: | sys-auth/pambase: please add support for pam_systemd | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
Component: | [OLD] Core system | Assignee: | PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | alecm_88, dschridde+gentoobugs, egorov_egor, netz, peter.saaf, ssuominen, suka, systemd, tdalman |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=612712 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Michał Górny
2011-06-19 08:06:19 UTC
Any chance of getting this in? Would be another step in getting rid of consolekit (which GNOME is trying to do / make possible with the next release) Possible it's possible. The main problem is that PAM in Gentoo really needs an overhaul, but I don't have the time to do so, especially not during my spare time, and not alone. I have written somewhere in http://blog.flameeyes.eu/tag/pam all that I was going to work on, and I asked for help/funds, and generally I got no answer nor anywhere to go. So patches, funds, help welcome. It would be really nice to add this. As already mentioned in bug #391339, on my machine running systemd, user mounting of removable drives is broken without pam_systemd. However, if I follow the instructions in https://bugzilla.redhat.com/show_bug.cgi?id=612712 and add -session required pam_systemd.so to /etc/pam.d/system-auth, shutting down the system from within KDE does not work anymore (I get dropped back to kdm, where shutdown works). Additionally, su sessions end with "...killed", which looks a bit buggy to me. Any help on setting this up would be greatly appreciated. Probably it is just a matter of adding this line to the correct file? Just to add to this: With GNOME 3.4 and USE="systemd" networkmanager is also broken without the pam_systemd line added. (In reply to comment #4) > Just to add to this: With GNOME 3.4 and USE="systemd" networkmanager is also > broken without the pam_systemd line added. This is because polkit with USE=systemd. In this case polkit using systemd for check user session, not consolekit. Without pam_systemd user session not registering. I'll see whether I can go back to the new pambase in June... When you decide to roll a new tarball for pambase, please just apply the patch from $FILESDIR into it. *pambase-20120417-r1 (19 Jun 2012) 19 Jun 2012; Samuli Suominen <ssuominen@gentoo.org> +pambase-20120417-r1.ebuild, +files/pambase-20120417-systemd.patch: Use `usex` from eutils.eclass for defining "varvalue". Support for pam_systemd.so wrt #372229 by Michał Górny. +-session optional pam_ck_connector.so nox11 This doesn't seem correct. Since you broke it, please fix it. (In reply to comment #8) > +-session optional pam_ck_connector.so nox11 > > This doesn't seem correct. Since you broke it, please fix it. Looks correct to me, - just makes it nonfatal It has an extra dash symbol in front of the new line... it shouldn't be there. (In reply to comment #10) > It has an extra dash symbol in front of the new line... it shouldn't be > there. It does because I added it there to make the logind implementations nonfatal in purpose. Tested to be working (and helps me while I'm testing too). It's already non-fatal by the optional.. (In reply to comment #12) > It's already non-fatal by the optional.. Not for the case where the file is not found... I am sorry that I write to a closed bug. Why pam_systemd.so added to the system-login and not system-auth? I tested on multiple configurations, and everything works fine with system-auth. If you do not add this to the system-auth, systemd not registered user session when logging in through kdm, su, etc. Thank you. (In reply to comment #14) > I am sorry that I write to a closed bug. > Why pam_systemd.so added to the system-login and not system-auth? > I tested on multiple configurations, and everything works fine with > system-auth. If you do not add this to the system-auth, systemd not > registered user session when logging in through kdm, su, etc. > Thank you. Are you sure about "su"? If you have just said "kdm" I would blame kdm's pam.d file for not using system-local-login properly. Or does /etc/pam.d/kdm use system-local-login? (In reply to comment #15) > Are you sure about "su"? Yes. /etc/pam.d/su, /etc/pam.d/sudo, /etc/pam.d/kde include system-auth > If you have just said "kdm" I would blame kdm's pam.d file for not using > system-local-login properly. > Or does /etc/pam.d/kdm use system-local-login? May be you are right. This on my work PC: # grep system-auth /etc/pam.d/ -R /etc/pam.d/sudo:auth include system-auth /etc/pam.d/sudo:account include system-auth /etc/pam.d/sudo:session include system-auth /etc/pam.d/pop:auth include system-auth /etc/pam.d/pop:account include system-auth /etc/pam.d/pop:session include system-auth /etc/pam.d/imap:auth include system-auth /etc/pam.d/imap:account include system-auth /etc/pam.d/imap:session include system-auth /etc/pam.d/pop3:auth include system-auth /etc/pam.d/pop3:account include system-auth /etc/pam.d/pop3:session include system-auth /etc/pam.d/pop3s:auth include system-auth /etc/pam.d/pop3s:account include system-auth /etc/pam.d/pop3s:session include system-auth /etc/pam.d/pops:auth include system-auth /etc/pam.d/pops:account include system-auth /etc/pam.d/pops:session include system-auth /etc/pam.d/imap4:auth include system-auth /etc/pam.d/imap4:account include system-auth /etc/pam.d/imap4:session include system-auth /etc/pam.d/imap4s:auth include system-auth /etc/pam.d/imap4s:account include system-auth /etc/pam.d/imap4s:session include system-auth /etc/pam.d/imaps:auth include system-auth /etc/pam.d/imaps:account include system-auth /etc/pam.d/imaps:session include system-auth /etc/pam.d/kde:auth include system-auth /etc/pam.d/kde:account include system-auth /etc/pam.d/kde:password include system-auth /etc/pam.d/kde:session include system-auth /etc/pam.d/kde-np:account include system-auth /etc/pam.d/kde-np:password include system-auth /etc/pam.d/kde-np:session include system-auth /etc/pam.d/ppp:auth include system-auth /etc/pam.d/ppp:account include system-auth /etc/pam.d/ppp:session include system-auth /etc/pam.d/diald:auth include system-auth /etc/pam.d/diald:account include system-auth /etc/pam.d/saslauthd:auth include system-auth /etc/pam.d/saslauthd:account include system-auth /etc/pam.d/saslauthd:session include system-auth /etc/pam.d/cups:auth include system-auth /etc/pam.d/cups:account include system-auth /etc/pam.d/samba:account include system-auth /etc/pam.d/samba:session include system-auth /etc/pam.d/system-auth-winbind:# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/system-auth-winbind.pam,v 1.1 2010/03/01 16:19:54 patrick Exp $ /etc/pam.d/postgresql:auth include system-auth /etc/pam.d/postgresql:account include system-auth /etc/pam.d/postgresql:session include system-auth /etc/pam.d/partimaged:auth include system-auth /etc/pam.d/partimaged:account include system-auth /etc/pam.d/partimaged:session include system-auth /etc/pam.d/groupmems:password include system-auth /etc/pam.d/shadow:account include system-auth /etc/pam.d/chpasswd:auth include system-auth /etc/pam.d/chpasswd:account include system-auth /etc/pam.d/chpasswd:password include system-auth /etc/pam.d/chgpasswd:auth include system-auth /etc/pam.d/chgpasswd:account include system-auth /etc/pam.d/chgpasswd:password include system-auth /etc/pam.d/chage:account include system-auth /etc/pam.d/chsh:account include system-auth /etc/pam.d/chfn:account include system-auth /etc/pam.d/newusers:account include system-auth /etc/pam.d/useradd:account include system-auth /etc/pam.d/userdel:account include system-auth /etc/pam.d/usermod:account include system-auth /etc/pam.d/groupadd:account include system-auth /etc/pam.d/groupdel:account include system-auth /etc/pam.d/groupmod:account include system-auth /etc/pam.d/passwd:auth include system-auth /etc/pam.d/passwd:account include system-auth /etc/pam.d/passwd:password include system-auth /etc/pam.d/su:auth include system-auth /etc/pam.d/su:account include system-auth /etc/pam.d/su:password include system-auth /etc/pam.d/su:session include system-auth /etc/pam.d/system-login:auth include system-auth /etc/pam.d/system-login:account include system-auth /etc/pam.d/system-login:password include system-auth /etc/pam.d/system-login:session include system-auth /etc/pam.d/system-services:account include system-auth Not sure what point you are trying to make with the long grep but... File a separate bug report against kde-base/kdm that they need to make use of system-local-login OR include pam_systemd.so in their pam.d files on their own. Display Managers like XDM and SLIM make use of system-local-login. There is no reason others shouldn't either. It's a longstanding bug in those Display Managers missing it. Ok. I will create new task about kdm. But what about su? (In reply to comment #19) > Ok. I will create new task about kdm. But what about su? If you login to the system, so that pam_systemd.so gets used at login time, like text console tty or soon-to-be-fixed KDM, then su/sudo/etc. should just work and not require the pam_systemd.so anymore since the login already had it (I will retest this tonight just to be sure...) Ok. Thanks for the quick answers. I've just converted x11-misc/lightdm to use system-local-login too. KDM and GDM left... (In reply to comment #18) > Display Managers like XDM and SLIM make use of system-local-login. There is > no reason others shouldn't either. It's a longstanding bug in those Display > Managers missing it. I think the other DMs didn't do that because they were trying to be too smart and start some random services on their own rather than relying on PAM modules to do that... |