http://bugzilla.opensuse.org/show_bug.cgi?id=1209741 http://bugzilla.opensuse.org/show_bug.cgi?id=1209741#c3 --- Comment #3 from Joe S <jmscdba@gmail.com> --- (In reply to Fabian Vogt from comment #1)
I see that /usr/lib/pam.d/login has pam_keyinit.so before common-session, while /etc/pam.d/sddm has it the other way around. Maybe that makes a difference?
Does it work with xdm?
I just tried it with xdm and it is the same issue as with sddm. (In reply to Thorsten Kukuk from comment #2)
It looks like the common usage on various distros is:
session required pam_loginuid.so session optional pam_keyinit.so ... session include common-session
I just tried modifying /etc/pam.d/sddm, /etc/pam.d/sddm-greeter, and /etc/pam.d/sddm-autologin to switch them to that order and it still has the issue. I reboot after any change and when it does not resolve the issues, I put things back to they way the were before the test. So far the ONLY 2 ways that resolve the issue are 1) Use keyctl session after logging into GUI 2) Modify /etc/pam.d/common-session-pc to add pam_keyinit.so revoke force as the last line. Obviously both of those methods are working around the issue by creating a new session keyring later in the process flow but neither of those is a permanent solution to the problem. Not sure if you looked at the URL from 2012 that seems very similar but one of the comments said: Recompiling 3.4.8 kernel with the patch applied (plus another one mentioned in that patch description) solved the problem - in Xfce session opened from GDM the session keyring exists and "cifscreds add server" works. (And mounting CIFS shares with multiuser option as well.) Since logging in via Ctrl-Alt-F1 does not have the issue and since logging in via the GUI does seem to create a session keyring, could it be that the owning process or location of that keyring is different which is why the Ctrl+Alt+F1 login can use the session keyring and the GUI login cannot ? I'm not up to the task of recompiling the kernel, but it seems like someone that is capable of that could review that OLD patch to see if it was somehow removed from more current kernels which is why the problem is occurring again. It seems pretty clear that the issues is some sort of sequencing issue with the GUI login that is the source of the problem. Possibly someone could debug cifscreds add to see why it is not finding the session keyring that pam_keyinit.so is creating when using the GUI login method but does when using the Ctrl+Alt+F1 login method ? I suspect that would point to exactly what the problem is. Holler if there are other tests you'd like me to try. -- You are receiving this mail because: You are on the CC list for the bug.