https://bugs.kde.org/show_bug.cgi?id=376573
Bug ID: 376573
Summary: kwallet-pam does not work with sddm
Product: kwallet-pam
Version: 5.8.5
Platform: Mageia RPMs
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: un...@physics.ubc.ca
Target Milestone: ---
kwallet-pam does not work with sddm.
I have
auth optional pam_kwallet5.so
session optional pam_kwallet5.so
in /etc/pam.d/sddm
I get the following errors in /var/log/messages and /var/log/auth.log
Feb 17 07:46:28 planet kernel: [ 48.459617] audit: type=1100
audit(1487313988.101:109): pid=4814 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:authentication grantors=pam_kwallet5,pam_unix acct="unruh"
exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=? res=success'
Feb 17 07:46:28 planet kernel: [ 48.459989] audit: type=1103
audit(1487313988.101:111): pid=4814 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:setcred grantors=pam_kwallet5,pam_unix acct="unruh"
exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=? res=success'
Feb 17 07:46:28 planet kernel: [ 48.466459] audit: type=1105
audit(1487313988.108:113): pid=4814 uid=0 auid=1000 ses=3
msg='op=PAM:session_open
grantors=pam_keyinit,pam_kwallet5,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_loginuid
acct="unruh" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0
res=success'
Feb 17 07:46:28 planet ksmserver[4989]: ksmserver: Starting autostart service
"/etc/xdg/autostart/pam_kwallet_init.desktop"
Feb 17 07:46:28 planet ksmserver[4989]: ksmserver: autostart service
"/usr/libexec/pam_kwallet_init" finished with exit code 1
auth.log
Feb 17 07:46:28 planet sddm-helper: pam_kwallet5(sddm:auth): (null):
pam_sm_authenticate
Feb 17 07:46:28 planet sddm-helper: pam_kwallet5(sddm:auth): pam_kwallet5:
Couldn't get password (it is empty)
Feb 17 07:46:28 planet sddm-helper: pam_kwallet5(sddm:setcred): pam_kwallet5:
pam_sm_setcred
Feb 17 07:46:28 planet sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5:
pam_sm_open_session
Feb 17 07:46:28 planet sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5:
final socket path: /tmp/kwallet5_unruh.socket
I put debugging into /usr/libexec/pam_kwallet_init
and the PAM_KWALLET5_LOGON environment variable does not exist when it is run,
although it is there once I am able to open a terminal and check.
It seems that when the pam module is run the first time by pam (auth) the
password is not there, and the kwallet pam module cannot open the socket. Then
/usr/libexec/pam_kwallet_init is run, and it does nothing since there is no
socket available. Finally in session, the kwallet pam module is run again. Now
there is a password available and the environment variable is set, but it is
too late.
I tried removing the
auth optional pam_kwallet5.so
line from /etc/pam.d/sddm
and now in the session call to the kwallet pam module the password is not
there.
It almost seems as though the pam stack has to be called twice before the user
password is ready.
(I have been trying to find the 5.9.2 source code to see if this is fixed, but
have not been able to find it anywhere.)
--
You are receiving this mail because:
You are watching all bug changes.
