[opensuse-factory] vlock no longer working after recent snapshots
After switching to tty1, I ran zypper dup in tmux and after detaching the session, ran vlock, which resulted in a repeated scrolling "authentication failure" text, with no ability to input my password. The problem is still persisting after running zypper dup today. Can anyone else confirm?
On Tue, Oct 10, 2017 at 12:42:32AM +0800, Chan Ju Ping wrote:
After switching to tty1, I ran zypper dup in tmux and after detaching the session, ran vlock, which resulted in a repeated scrolling "authentication failure" text, with no ability to input my password.
The problem is still persisting after running zypper dup today. Can anyone else confirm?
Even worse, today "zypper dup" on Tumbleweed wants to uninstall vlock, saying that it's not in my repositories. And indeed, vlock is now missing in Tumbleweed repositories and openSUSE:Factory. Which is strange because before a package is dropped, there is usually a warning in opensuse-factory list that it's orphaned or broken and question if anyone is willing take over it. I don't remember seeing anything like that for vlock. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Oct 11, 2017 at 09:42:56AM +0200, Michal Kubecek wrote:
Even worse, today "zypper dup" on Tumbleweed wants to uninstall vlock, saying that it's not in my repositories. And indeed, vlock is now missing in Tumbleweed repositories and openSUSE:Factory. Which is strange because before a package is dropped, there is usually a warning in opensuse-factory list that it's orphaned or broken and question if anyone is willing take over it. I don't remember seeing anything like that for vlock.
Mystery solved... once I added a lock for vlock, zypper revealed that kbd 2.0.4 obsoletes vlock package. And indeed, kbd-2.0.4 contains /usr/bin/vlock and changelog says * Fri Sep 22 2017 sbrabec@suse.com - Version update to 2.0.6: * translation updates * support for U+202F * minor fixes and code cleanup * minor improvements and more characters support - Enable vlock (bsc#1056449, FATE#261). I'm a bit confused by the "to 2.0.6" part but that may be just a typo. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wednesday, 11 October 2017 15:59:22 +08 Michal Kubecek wrote:
Mystery solved... once I added a lock for vlock, zypper revealed that kbd 2.0.4 obsoletes vlock package. And indeed, kbd-2.0.4 contains /usr/bin/vlock and changelog says
* Fri Sep 22 2017 sbrabec@suse.com - Version update to 2.0.6: * translation updates * support for U+202F * minor fixes and code cleanup * minor improvements and more characters support - Enable vlock (bsc#1056449, FATE#261).
I'm a bit confused by the "to 2.0.6" part but that may be just a typo.
Michal Kubeček
Thanks! I guess I just need to zypper dup for the fix.
On Wednesday, 11 October 2017 21:07:05 +08 Chan Ju Ping wrote:
On Wednesday, 11 October 2017 15:59:22 +08 Michal Kubecek wrote:
Mystery solved... once I added a lock for vlock, zypper revealed that kbd 2.0.4 obsoletes vlock package. And indeed, kbd-2.0.4 contains /usr/bin/vlock and changelog says
* Fri Sep 22 2017 sbrabec@suse.com
- Version update to 2.0.6: * translation updates * support for U+202F * minor fixes and code cleanup * minor improvements and more characters support
- Enable vlock (bsc#1056449, FATE#261).
I'm a bit confused by the "to 2.0.6" part but that may be just a typo.
Michal Kubeček
Thanks! I guess I just need to zypper dup for the fix.
Didn't work. Once locked, I cannot unlock the tty. There is no line saying to type Enter to key in my passphrase like previously. The following just keep being printed and scrolling: -- The pts/0 is now locked by <username>. Authentication failure. The pts/0 is now locked by <username>. Authentication failure. --
On Thu, Oct 12, 2017 at 12:15:49AM +0800, Chan Ju Ping wrote:
On Wednesday, 11 October 2017 21:07:05 +08 Chan Ju Ping wrote:
Thanks! I guess I just need to zypper dup for the fix.
Didn't work. Once locked, I cannot unlock the tty. There is no line saying to type Enter to key in my passphrase like previously.
The following just keep being printed and scrolling:
--
The pts/0 is now locked by <username>. Authentication failure.
The pts/0 is now locked by <username>. Authentication failure.
--
You may want to check if vlock (or the actual program - standalone vlock replaced /usb/bin/vlock by a script and the actual binary was moved to /usr/sbin/vlock-main; not sure how this works with the kbd version) has sgid for group shadow. I once opened a bug for this as I believe it should be set out of the box but it was rejected with the explanation that someone may use only e.g. LDAP for authentication with no local database and then they wouldn't need sgid. (sigh) If that doesn't help, I suppose you should either open a bug for this issue or reuse bsc#1056449 (ther former seems more appropriate to me). I'm sorry I can't check now as won't be at my Tumbleweed machine until Monday. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thursday, 12 October 2017 14:21:48 +08 Michal Kubecek wrote:
You may want to check if vlock (or the actual program - standalone vlock replaced /usb/bin/vlock by a script and the actual binary was moved to /usr/sbin/vlock-main; <snip>
Looks like I still have vlock in /usr/bin/vlock, and /usr/bin/vlock-main doesn't exist. What should I do next?
If that doesn't help, I suppose you should either open a bug for this issue or reuse bsc#1056449 (ther former seems more appropriate to me).
I'm sorry I can't check now as won't be at my Tumbleweed machine until Monday.
No worries about that! Thanks for the help so far.
On Monday, 16 October 2017 11:20 Chan Ju Ping wrote:
On Thursday, 12 October 2017 14:21:48 +08 Michal Kubecek wrote:
You may want to check if vlock (or the actual program - standalone vlock replaced /usb/bin/vlock by a script and the actual binary was moved to /usr/sbin/vlock-main; <snip>
Looks like I still have vlock in /usr/bin/vlock, and /usr/bin/vlock-main doesn't exist.
What should I do next?
If that doesn't help, I suppose you should either open a bug for this issue or reuse bsc#1056449 (ther former seems more appropriate to me).
I'm sorry I can't check now as won't be at my Tumbleweed machine until Monday.
No worries about that! Thanks for the help so far.
So the sgid bit isn't needed any more as pam_unix.so is now using helper (/sbin/unix_chkpwd) to check the password. What you need, though, is to create PAM file /etc/pam.d/vlock for vlock. This seems to work for me: ------------------------------------------------------------------------ #%PAM-1.0 auth include common-auth account include common-account ------------------------------------------------------------------------ I believe this (or some better version) should be part of kbd package. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 10/16/2017, 11:51 AM, Michal Kubecek wrote:
------------------------------------------------------------------------ #%PAM-1.0 auth include common-auth account include common-account ------------------------------------------------------------------------
I believe this (or some better version) should be part of kbd package.
Correct: https://build.opensuse.org/request/show/533946 thanks, -- js suse labs -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday, 16 October 2017 17:51:46 +08 Michal Kubecek wrote:
So the sgid bit isn't needed any more as pam_unix.so is now using helper (/sbin/unix_chkpwd) to check the password. What you need, though, is to create PAM file /etc/pam.d/vlock for vlock. This seems to work for me:
------------------------------------------------------------------------ #%PAM-1.0 auth include common-auth account include common-account ------------------------------------------------------------------------
I believe this (or some better version) should be part of kbd package.
Michal Kubeček
Thank you. I had to work on projects in public spaces so I couldn't quite wait to see when the fix would land on my primary computer. This fixes the bug nicely.
participants (3)
-
Chan Ju Ping
-
Jiri Slaby
-
Michal Kubecek