[opensuse-factory] xfce4: pam_gnome_keyring.so doesn't unlike the Gnome keyring when started by lightdm
Hi there, this is on VERSION="20141029 (Harlequin)" with lightdm as the display manager and xfce4 as my default window session. On openSUSE 13.1 I was used to get the Gnome keyring automagically unlocked whenever I log in. This doesn't happen on a new installation of openSUSE Factory. I've tracked it down to the following line in /etc/pam.d/common-session: session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm Everything looks OK, but even with the Gnome runtime support enabled in xfce4, the keyring stays locked. What's surprising is the following output of "systemctl status display-manager.service": Nov 03 18:08:36 saturn display-manager[25273]: /etc/vconsole.conf available Nov 03 18:08:36 saturn display-manager[25273]: KEYMAP: de-latin1-nodeadkeys Nov 03 18:08:36 saturn display-manager[25273]: Command: localectl set-keymap de-latin1-nod...ys Nov 03 18:08:36 saturn lightdm[25310]: pam_unix(lightdm-greeter:session): session opened ...=0) Nov 03 18:08:36 saturn display-manager[25273]: Starting service lightdm..done Nov 03 18:08:52 saturn lightdm[25339]: pam_unix(xdm:session): session opened for user man...=0) Look at the "xdm" in the last line. When I added some debugging code to pam_gnome_keyring.so, I saw that the display's manager name is indeed passed as "xdm" instead of "lightdm", which then resulted to not unlock the keyring because the manager wasn't in the list of supported ones. By adding "xdm" to the "only_if=..." list I now get the keyring unlocked again when logging in, but this is clearly only a work-around, not a real solution. Does anyone have an idea, what can go wrong here? Shall I put this in Bugzilla? TIA, cheers. l8er manfred
On Mon, 3 Nov 2014 20:08, Manfred Hollstein wrote:
this is on VERSION="20141029 (Harlequin)" with lightdm as the display manager and xfce4 as my default window session.
On openSUSE 13.1 I was used to get the Gnome keyring automagically unlocked whenever I log in. This doesn't happen on a new installation of openSUSE Factory. I've tracked it down to the following line in /etc/pam.d/common-session:
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm
Everything looks OK, but even with the Gnome runtime support enabled in xfce4, the keyring stays locked. What's surprising is the following output of "systemctl status display-manager.service":
Nov 03 18:08:36 saturn display-manager[25273]: /etc/vconsole.conf available Nov 03 18:08:36 saturn display-manager[25273]: KEYMAP: de-latin1-nodeadkeys Nov 03 18:08:36 saturn display-manager[25273]: Command: localectl set-keymap de-latin1-nod...ys Nov 03 18:08:36 saturn lightdm[25310]: pam_unix(lightdm-greeter:session): session opened ...=0) Nov 03 18:08:36 saturn display-manager[25273]: Starting service lightdm..done Nov 03 18:08:52 saturn lightdm[25339]: pam_unix(xdm:session): session opened for user man...=0)
Look at the "xdm" in the last line. When I added some debugging code to pam_gnome_keyring.so, I saw that the display's manager name is indeed passed as "xdm" instead of "lightdm", which then resulted to not unlock the keyring because the manager wasn't in the list of supported ones.
By adding "xdm" to the "only_if=..." list I now get the keyring unlocked again when logging in, but this is clearly only a work-around, not a real solution.
Does anyone have an idea, what can go wrong here? Shall I put this in Bugzilla?
Please, put this in Bugzilla. For a solution, well, adding xdm to the pam_gnome_keyring.so line is a short term solution, but in the longterm, the behavior, that is shown in the log should be addressed. Either this is a remnant, and can be corrected without great trouble, or this was premeditatedly / purposely done to work around other errors or even wrong behavior in the surounding field. Asking upstream is needed. For timely (13.2) solution, the changed line in /etc/pam.d/common-session should be the way to go. Saver and faster to implement, with much less possible impact, than hacking lightdm now. - Yamaban -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Manfred Hollstein <mhollstein@t-online.de> [2014-11-03 20:09]:
Hi there,
this is on VERSION="20141029 (Harlequin)" with lightdm as the display manager and xfce4 as my default window session.
On openSUSE 13.1 I was used to get the Gnome keyring automagically unlocked whenever I log in. This doesn't happen on a new installation of openSUSE Factory. I've tracked it down to the following line in /etc/pam.d/common-session:
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm
Everything looks OK, but even with the Gnome runtime support enabled in xfce4, the keyring stays locked. What's surprising is the following output of "systemctl status display-manager.service":
Nov 03 18:08:36 saturn display-manager[25273]: /etc/vconsole.conf available Nov 03 18:08:36 saturn display-manager[25273]: KEYMAP: de-latin1-nodeadkeys Nov 03 18:08:36 saturn display-manager[25273]: Command: localectl set-keymap de-latin1-nod...ys Nov 03 18:08:36 saturn lightdm[25310]: pam_unix(lightdm-greeter:session): session opened ...=0) Nov 03 18:08:36 saturn display-manager[25273]: Starting service lightdm..done Nov 03 18:08:52 saturn lightdm[25339]: pam_unix(xdm:session): session opened for user man...=0)
Look at the "xdm" in the last line. When I added some debugging code to pam_gnome_keyring.so, I saw that the display's manager name is indeed passed as "xdm" instead of "lightdm", which then resulted to not unlock the keyring because the manager wasn't in the list of supported ones.
By adding "xdm" to the "only_if=..." list I now get the keyring unlocked again when logging in, but this is clearly only a work-around, not a real solution.
Does anyone have an idea, what can go wrong here?
Nothing, particularly since you're not using xdm.
Shall I put this in Bugzilla?
Yes and assign to me. Might be due to the way lightdm reuses the xdm pam configuration, I'll have a closer look later. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Guido Berhoerster <gber@opensuse.org> [2014-11-03 22:31]:
* Manfred Hollstein <mhollstein@t-online.de> [2014-11-03 20:09]:
Hi there,
this is on VERSION="20141029 (Harlequin)" with lightdm as the display manager and xfce4 as my default window session.
On openSUSE 13.1 I was used to get the Gnome keyring automagically unlocked whenever I log in. This doesn't happen on a new installation of openSUSE Factory. I've tracked it down to the following line in /etc/pam.d/common-session:
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm
Everything looks OK, but even with the Gnome runtime support enabled in xfce4, the keyring stays locked. What's surprising is the following output of "systemctl status display-manager.service":
Nov 03 18:08:36 saturn display-manager[25273]: /etc/vconsole.conf available Nov 03 18:08:36 saturn display-manager[25273]: KEYMAP: de-latin1-nodeadkeys Nov 03 18:08:36 saturn display-manager[25273]: Command: localectl set-keymap de-latin1-nod...ys Nov 03 18:08:36 saturn lightdm[25310]: pam_unix(lightdm-greeter:session): session opened ...=0) Nov 03 18:08:36 saturn display-manager[25273]: Starting service lightdm..done Nov 03 18:08:52 saturn lightdm[25339]: pam_unix(xdm:session): session opened for user man...=0)
Look at the "xdm" in the last line. When I added some debugging code to pam_gnome_keyring.so, I saw that the display's manager name is indeed passed as "xdm" instead of "lightdm", which then resulted to not unlock the keyring because the manager wasn't in the list of supported ones.
By adding "xdm" to the "only_if=..." list I now get the keyring unlocked again when logging in, but this is clearly only a work-around, not a real solution.
Does anyone have an idea, what can go wrong here?
Nothing, particularly since you're not using xdm.
The actual fix is to create /etc/xdg/lightdm/lightdm.conf.d/99-pam-fix.conf with the following contents: [SeatDefaults] pam-service = lightdm pam-autologin-service = lightdm-autologin pam-greeter-service = lightdm-greeter and execute the following commands as root: ln -s /ect/pam.d/xdm /ect/pam.d/lightdm ln -s /ect/pam.d/xdm-np /ect/pam.d/lightdm-autologin -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi Guido, On Mon, 03 Nov 2014, 22:46:15 +0100, Guido Berhoerster wrote:
* Guido Berhoerster <gber@opensuse.org> [2014-11-03 22:31]:
* Manfred Hollstein <mhollstein@t-online.de> [2014-11-03 20:09]: [...]
By adding "xdm" to the "only_if=..." list I now get the keyring unlocked again when logging in, but this is clearly only a work-around, not a real solution.
Does anyone have an idea, what can go wrong here?
Nothing, particularly since you're not using xdm.
I've seen you already put it into Bugzilla (sbc#903744), thanks for that!
The actual fix is to create /etc/xdg/lightdm/lightdm.conf.d/99-pam-fix.conf with the following contents:
Yes, indeed, I can confirm that this fixes the problem. FWIW, I already tried the symbolic links, but the missing glue is apparently the .conf file. Thanks for your help! Cheers. l8er manfred
participants (3)
-
Guido Berhoerster -
Manfred Hollstein -
Yamaban