Hi,
I've configured PAM and LDAP on my system and all works well. The only problem that I have is that the login keyring does not get unlocked after GDM login. Is there a solution for this problem?
Thanks,
Christian
Offline
Welcome to the forums, akkie. As for your problem, you may need to be a little more specific.
How is ldap configured?
Do you have any errors or logs you can provide?
All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.
Offline
Hi,
Thanks for your answer. I was not sure which of my PAM-specific files I should post, so I thought I'd ask first whether someone had a similar problem.
LDAP is configured based on the Arch wiki.
I've found these auth-specific log entries in the journal:
Jun 29 18:58:26 shlomo gnome-keyring-daemon[721]: couldn't allocate secure memory to keep passwords and or keys from being written to the disk
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - reusing keyring credentials: user = 'NULL', domain = 'NULL'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - reusing keyring credentials: user = 'NULL', domain = 'NULL'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - out: last_user = 'akkie', last_domain = 'MOHIVA'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - out: last_user = 'akkie', last_domain = 'MOHIVA'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - reusing keyring credentials: user = 'NULL', domain = 'NULL'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - out: last_user = 'akkie', last_domain = 'MOHIVA'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - reusing keyring credentials: user = 'NULL', domain = 'NULL'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - out: last_user = 'akkie', last_domain = 'MOHIVA'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - reusing keyring credentials: user = 'NULL', domain = 'NULL'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: ### SMB: auth_callback - out: last_user = 'akkie', last_domain = 'MOHIVA'
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Jun 29 18:58:26 shlomo org.gtk.vfs.Daemon[746]: tdb(__NULL__): tdb_open_ex: called with name == NULL
Offline
Start with the pam files you have edited.
I've no idea of your specific setup. I use ldap auth (with sssd) and lightdm and don't have any issues like this. However, I haven't made any changes directly to the keyring configs, have you?
Offline
I've only changed the files as stated in the wiki entry.
$ cat /etc/pam.d/system-auth
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass nullok
auth optional pam_permit.so
auth required pam_env.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password sufficient pam_ldap.so
password required pam_unix.so try_first_pass nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_permit.so
$ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session sufficient pam_ldap.so
session required pam_unix.so
$ cat /etc/pam.d/su-l
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session sufficient pam_ldap.so
session required pam_unix.so
$ cat /etc/pam.d/system-login
#%PAM-1.0
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
I had the same issue under Funtoo with an equal setup. Maybe it's GDM related. I think I should test the setup with lightdm to see if this works.
Offline
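An added diagnostic, not part of the original thread: it flattens a PAM auth stack and lists the modules that never run once a `sufficient` module succeeds, which is one thing worth checking when a keyring module sits later in the stack. The `system-auth` and `system-login` auth lines are copied from the post above; the `gdm-password` stack and its `pam_gnome_keyring.so` line are a constructed sample, since the thread never shows that file.

```python
# Auth lines of system-auth and system-login are copied from the thread.
# gdm-password is a constructed sample (assumption): the thread never shows it.
STACKS = {
    "system-auth": [
        "auth sufficient pam_ldap.so",
        "auth required pam_unix.so try_first_pass nullok",
        "auth optional pam_permit.so",
        "auth required pam_env.so",
    ],
    "system-login": [
        "auth required pam_tally.so onerr=succeed file=/var/log/faillog",
        "auth required pam_shells.so",
        "auth requisite pam_nologin.so",
        "auth include system-auth",
    ],
    "gdm-password": [
        "auth include system-login",
        "auth optional pam_gnome_keyring.so",
    ],
}


def expand(service, stacks, kind="auth", scope=()):
    """Flatten a stack to (control, module, scope) tuples. `include` inlines
    into the caller's scope; `substack` opens a new scope. Bracketed
    [value=action] controls are not modelled."""
    flat = []
    for n, raw in enumerate(stacks[service]):
        fields = raw.split("#", 1)[0].strip().lstrip("-").split()
        if len(fields) < 3 or fields[0] != kind:
            continue  # comment, blank line, or another management group
        control, target = fields[1], fields[2]
        if control == "include":
            flat += expand(target, stacks, kind, scope)
        elif control == "substack":
            flat += expand(target, stacks, kind, scope + ((service, n),))
        else:
            flat.append((control, target, scope))
    return flat


def skipped_when_sufficient_succeeds(service, stacks, module, kind="auth"):
    """Modules not run after `module` succeeds as `sufficient`: the rest of
    its scope, which is the whole stack unless it sits inside a substack."""
    flat = expand(service, stacks, kind)
    for i, (control, name, scope) in enumerate(flat):
        if control == "sufficient" and name == module:
            return [m for _, m, s in flat[i + 1:] if s[:len(scope)] == scope]
    return []
```

With the sample stack, a successful `pam_ldap.so` ends the auth phase before `pam_gnome_keyring.so` is reached; pulling `system-login` in with `substack` instead of `include` confines that early exit to the substack.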