Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 346037 - x11-misc/slim: fix pam misbehavior
Summary: x11-misc/slim: fix pam misbehavior
Status: RESOLVED DUPLICATE of bug 342345
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Desktop Misc. Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-19 08:59 UTC by Matthias Gehre
Modified: 2011-10-13 21:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch: Removes setting of PAM_RHOST (slim-pam-remove-rhost.patch,449 bytes, patch)
2010-11-19 09:07 UTC, Matthias Gehre
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gehre 2010-11-19 08:59:58 UTC
slim does set the pam variable PAM_RHOST to localhost.
But just the existance of this variable makes consolekit think that this session is not local. (is-local = false)

See http://blog.flameeyes.eu/2010/11/11/draft-article-5307.

The attached patch removes that call.

Additionally, to make slim and consolekit behave correctly, one needs to change
/etc/pam.d/slim to use system-local-login instead of system-auth so that pam_ck_connector is used.
Comment 1 Matthias Gehre 2010-11-19 09:07:27 UTC
Created attachment 254799 [details, diff]
Patch: Removes setting of PAM_RHOST
Comment 2 Matthias Gehre 2010-11-19 09:12:23 UTC
The patch is against slim 1.3.2-r2. I have installed pambase 20101024 and consolekit 0.4.2-r4.

Please note: One also needs to remove "nox11" from the pam_ck_connector line in 
system-login. My session is then launched from .xinitrc by
exec ck-launch-session startxfce4 (which should be common)

With this settings, I get an active&local session. But there is a second session created, too, which I don't know where it comes from:

Session4:
	unix-user = '1000'
	realname = '(null)'
	seat = 'Seat1'
	session-type = ''
	active = TRUE
	x11-display = ':0.0'
	x11-display-device = '/dev/tty7'
	display-device = ''
	remote-host-name = ''
	is-local = TRUE
	on-since = '2010-11-19T09:05:38.149974Z'
	login-session-id = '5'
Session3:
	unix-user = '1000'
	realname = '(null)'
	seat = 'Seat3'
	session-type = ''
	active = FALSE
	x11-display = ':0.0'
	x11-display-device = ''
	display-device = ''
	remote-host-name = ''
	is-local = TRUE
	on-since = '2010-11-19T09:05:38.036384Z'
	login-session-id = '5'
Comment 3 Samuli Suominen gentoo-dev 2010-12-02 17:29:27 UTC
+*slim-1.3.2-r3 (02 Dec 2010)
+
+  02 Dec 2010; Samuli Suominen <ssuominen@gentoo.org>
+  +files/346037-stop_setting_host_for_pam_ck_connector_so.patch,
+  +slim-1.3.2-r3.ebuild:
+  Don't set host to avoid bad interaction with pam_ck_connector.so from
+  sys-auth/consolekit and use "system-local-login" wrt #346037 by Matthias
+  Gehre.

And that "nox11" change needs to come from bug 342345.
Comment 4 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-12-02 17:36:12 UTC
Thanks, someone needs to file the bug upstream and reference it here (or in the patch).  http://developer.berlios.de/bugs/?group_id=2663
Comment 5 Samuli Suominen gentoo-dev 2010-12-02 18:15:18 UTC
(In reply to comment #4)
> Thanks, someone needs to file the bug upstream and reference it here (or in the
> patch).  http://developer.berlios.de/bugs/?group_id=2663
> 

https://developer.berlios.de/bugs/?func=detailbug&bug_id=17757&group_id=2663
https://bugs.freedesktop.org/show_bug.cgi?id=32055
Comment 6 Samuli Suominen gentoo-dev 2011-10-13 21:40:58 UTC

*** This bug has been marked as a duplicate of bug 342345 ***