Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 483272

Summary: sys-auth/pam_ssh-1.97-r2 with sys-apps/systemd-204 - ssh-agent prevents kdm.service stop
Product: Gentoo Linux Reporter: Tim Mohlmann <muhlemmer>
Component: [OLD] Core systemAssignee: PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled>
Status: RESOLVED FIXED    
Severity: normal CC: alexanders83, systemd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugzilla.novell.com/show_bug.cgi?id=727246
https://bugzilla.redhat.com/show_bug.cgi?id=913820
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 459960    
Bug Blocks:    
Attachments: emerge --info output

Description Tim Mohlmann 2013-09-01 15:03:46 UTC 
When shutting down the system I am receiving the following massage from systemd:
  "A stop job is running for KDM display manager"

This message will time out after (I think) 90 seconds and shutdown will be  completed.

This problem started occurring after my transition to systemd. I can also reproduce the time out by issuing:
  systemctl stop kdm.service

Only I do not get the message when doing it like that, it just takes the command 90 seconds to finish. KDM itself is almost stopped instantly,

As suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=913820 I also found ssh-agent still running for the user name under which I logged in KDM. Sending a kill -9 to the ssh-agent, it shuts down and the service stop is completed instantly.

URL in bug summary point to novell bug report and suggests a patch for pam_ssh.

ssh-agent is started trough pam_ssh.

* These packages depend on sys-auth/pam_ssh:
sys-auth/pambase-20120417-r2 (pam_ssh ? sys-auth/pam_ssh)

equery b ssh-agent        
 * Searching for ssh-agent ... 
net-misc/openssh-5.9_p1-r4 (/usr/bin/ssh-agent)

net-misc/openssh-5.9_p1-r4  USE="X hpn ldap pam tcpd -X509 -bindist -kerberos -libedit (-selinux) -skey -static"
sys-auth/pam_ssh-1.97-r2
sys-auth/pambase-20120417-r2  USE="cracklib pam_ssh sha512 systemd -consolekit -debug -gnome-keyring -minimal -mktemp -pam_krb5 -passwdqc (-selinux)"
sys-apps/systemd-204  USE="acl firmware-loader gudev introspection keymap kmod pam (policykit) tcpd -audit -cryptsetup -doc -gcrypt -http -lzma -openrc -python -qrcode (-selinux) -static-libs {-test} -vanilla -xattr" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7"



Reproducible: Always

Steps to Reproduce:
1.Migrate system init to systemd
2.USE="ssh" emerge -1 pambase
3.Reboot and start kdm.service
4.Login with $user
5.systemctl stop kdm.service (from a different terminal as X, off course)
Actual Results:  
1.X / KDM is stopped instantly
2.ps aux | grep ssh-agent #Shows ssh-agent running for $user
3.systemctl command won't finish for 90 seconds

Expected Results:  
ssh-agent should be stopped and systemctl command should be done quickly
Comment 1 Tim Mohlmann 2013-09-01 15:06:07 UTC 
Created attachment 357564 [details]
emerge --info output

emerge --info output exceeds character limit for comments, hence added as attachment.
Comment 2 Alexander Stein 2013-10-06 10:25:23 UTC 
I can confirm that the patch from comment 2 in https://bugzilla.novell.com/show_bug.cgi?id=727246 fixes/works around this problem. Dunno if this is a pam_ssh or kdm problem. Current kdm version installed: kde-base/kdm-4.10.5-r1.
Comment 3 Pacho Ramos gentoo-dev 2013-10-18 17:09:07 UTC 
PAM team, are you ok with that opensuse patch being applied to pam_ssh?
Comment 4 Pacho Ramos gentoo-dev 2013-10-28 19:29:58 UTC 
Is this still valid with -r3? I also see upstream released a 1.98 version that maybe solves this (looks like opensuse and fedora are no longer patching it)
Comment 5 Tim Mohlmann 2013-11-06 16:59:54 UTC 
(In reply to Pacho Ramos from comment #4)

No, it is not fixed in -r3. 1.98 isn't in tree yet. If maintainer can be so friendly to get it in, I will test if the bug still exists for that release.
Comment 6 Pacho Ramos gentoo-dev 2013-11-06 20:28:07 UTC 
+*pam_ssh-1.98 (06 Nov 2013)
+
+  06 Nov 2013; Pacho Ramos <pacho@gentoo.org> +pam_ssh-1.98.ebuild:
+  Version bump
+
Comment 7 Johannes Huber (RETIRED) gentoo-dev 2013-12-04 09:35:05 UTC 
(In reply to Pacho Ramos from comment #6)
> +*pam_ssh-1.98 (06 Nov 2013)
> +
> +  06 Nov 2013; Pacho Ramos <pacho@gentoo.org> +pam_ssh-1.98.ebuild:
> +  Version bump
> +

No open bugs since version bump. How about to start stabilization?
Comment 8 Pacho Ramos gentoo-dev 2013-12-04 19:58:16 UTC 
I am fine, not sure about PAM team :/
Comment 9 Pacho Ramos gentoo-dev 2013-12-08 17:28:11 UTC 
The stabilization is being covered in bug 459960 finally ;)