Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 398419

Summary: Please provide documentation for using pam_ldap.so in combination with sys-auth/pambase[gnome-keyring]
Product: [OLD] Docs on www.gentoo.org Reporter: Justin Lecher (RETIRED) <jlec>
Component: New DocumentationAssignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED TEST-REQUEST    
Severity: normal Keywords: NeedPatch
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: system-auth

Description Justin Lecher (RETIRED) gentoo-dev 2012-01-10 18:27:15 UTC 
I simply could not get the ldap based login via pam_ldap.so combined with the automatic unlock of my keyring via sys-auth/pambase[gnome-keyring].
It might be worth to write some documentation about this as it should be intersting for other users too.
Comment 1 nm (RETIRED) gentoo-dev 2012-01-10 23:28:26 UTC 
this is it's something the gnome team would deal with, so we'd need to know what to put in our guide.

but my first guess is that you have something screwed up on your system; this sounds like a bug, as i haven't had any such issues. might want to check the forums.

gnome team: any ideas?
Comment 2 nm (RETIRED) gentoo-dev 2012-01-10 23:29:07 UTC 
also, unless we're folding it into an existing guide like the Gnome doc, this is is something that would better fit on the gentoo wiki, wiki.gentoo.org, which the gdp does not control. you're free to write something there, if you wish. :)
Comment 3 Gilles Dartiguelongue (RETIRED) gentoo-dev 2012-01-10 23:50:28 UTC 
I had (currently disabled) a ldap based + automatic gnome-keyring unlock setup and it worked perfectly fine. To figure out your problem, you'd have to explain your exact setup + pam files + what password are stored where and which you're using to login.
Comment 4 Justin Lecher (RETIRED) gentoo-dev 2012-01-11 06:55:48 UTC 
Created attachment 298607 [details]
system-auth

So this it what I did. Initially the setup was without ldap based authentication and the unlocking went fine. I followed what was written in the ldap guide (http://www.gentoo.org/doc/en/ldap-howto.xml) to add the ldap support. Basic login with a ldap account is fine. But neither for the ldap nor for the local account the keyring unlock works. Please find attached the system-auth.
I am not an pam expert, but could it be that the "sufficient" blocks the "optional" rules?
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2012-01-11 06:57:44 UTC 
sys-auth/pambase-20101024-r1[consolekit cracklib gnome-keyring sha512]
sys-libs/pam-1.1.5[berkdb cracklib elibc_glibc nls]
Comment 6 Justin Lecher (RETIRED) gentoo-dev 2012-01-11 07:30:29 UTC 
I removed the ldap support and the unlock works again.
Comment 7 Pacho Ramos gentoo-dev 2013-08-29 12:29:48 UTC 
What is the status of this with Gnome 3.8 and updated system?
Comment 8 Justin Lecher (RETIRED) gentoo-dev 2013-09-17 15:38:47 UTC 
Can't test it anymore, because I needed to drop G3.8 from that machine.
Comment 9 Pacho Ramos gentoo-dev 2013-12-24 12:08:42 UTC 
Would be nice to try with 3.8 if possible since the keyring/unlocking stuff changed a lot since 2.32 (looks like finally is working ok on all the machines I maintain ;))
Comment 10 Justin Lecher (RETIRED) gentoo-dev 2013-12-25 12:35:38 UTC 
Sadly I don't run gnome on that box anymore, so I cannot test it.