You are not logged in.

Pages: 1

#1 2025-08-04 08:55:11

drslmr
Member
Registered: 2011-05-14
Posts: 58

systemd upgrade changes login order

After upgrades I did 2025-08-01 my afs home directory is not fully available during login.

It looks like the change happens when upgrading systemd from  systemd-257.7-1 to systemd-257.7-2.

In my case the difference seams to be that pam_afs_session is execute after the  systemd-xdg-autostart-generator.
In this case I see systemd-xdg-autostart-generator warnings in the logging.

Is it possible to delay xdg execution after the aklog, which is done by pam_afs_session?

Offline

#2 2025-08-04 10:28:44

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 14,446

Re: systemd upgrade changes login order

How/when are you mounting the AFS home and what desktop environment are you using ?

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

Offline

#3 2025-08-04 10:52:10

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

I'm using gnome.

I just found, that with systemd-257.7-2 systemd-user gets removed from /etc/pam.d,
There is a commit
https://gitlab.archlinux.org/archlinux/ … 3b9c1edee7
which modifies systemd-user.pam. This gets installed in /usr/lib/pam.d/systemd-user.

So I put back the old /etx/pam.d/systemd-user and this , well, works around the problem.

Offline

#4 2025-08-04 11:59:26

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

Actually, it is this commit which changes the location of systemd-user:
https://gitlab.archlinux.org/archlinux/ … 52c315a791

Offline

#5 2025-08-04 12:41:13

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

@Lone_Wolf

As far as I understand:

AFS gets mounted by openafs-client.service.
So during login pam_sss is used for authentication  (Kerberos, LDAP).
pam_afs_session does the aklog.
Only then the home directory is accessible for .e.g. autostart and shell initialization.

Offline

#6 2025-08-04 16:42:45

Bevan
Member
Registered: 2009-09-08
Posts: 102

Re: systemd upgrade changes login order

Hi!

As far as I can see, the pam-afs-session package in the AUR only contains the PAM module itself but does not come with any configuration. So I assume that you modified either /etc/pam.d/systemd-user (1.)
or /etc/pam.d/system-login (2.) to include pam_afs_session, adding something like the following:

session  optional  pam_krb5.so
session  optional  pam_afs_session.so

In both cases, the configuration would have been broken by the update:

  1. The systemd update moved /etc/pam.d/systemd-user to /usr/lib/pam.d/systemd-user, probably leaving any modified file in /etc as /etc/pam.d/systemd-user.pacsav.

  2. systemd-user stopped including system-login, so if you included pam_afs_session in there it won't be be invoked by systemd-user anymore.

I think in both cases the proper fix is to restore /etc/pam.d/systemd-user (like you already did) and maybe compare it to /usr/lib/pam.d/systemd-user to make sure that there are no unwanted differences, i.e., only the pam_afs stuff is added.

Offline

#7 2025-08-04 17:22:47

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

@Bevan
Yes that's true, I had to add pam_afs_session to system-login and some other changes in system-auth.
I did not modify systemd-user, so it did not get a stored in .pacsave or similar.
Thanks for your help.

I just wonder if there are any unwanted side-effects if I include system-login in my version of systemd-user again?

Offline

#8 2025-08-04 17:42:14

Bevan
Member
Registered: 2009-09-08
Posts: 102

Re: systemd upgrade changes login order

drslmr wrote:

I just wonder if there are any unwanted side-effects if I include system-login in my version of systemd-user again?

I think the change was mainly made to keep the configurations minimal. You could try adding just the lines required for pam_afs_session to systemd-user instead of including the entire system-login. That seems to be the way suggested by the commit you referenced.

Offline

#9 2025-08-05 06:47:35

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

@Bevan
Thanks again. Yes it works with putting pam_afs_session into the systemd-user. When comparing the logging for the two different versions, I saw that gnome-keyring failed. But I did not see any actual problem. Nevertheless I also added gnome_keyring. So my systemd-user looks like this now:

# Used by systemd --user instances.

account    include    system-login

session    required   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
session    include    system-auth
session    [success=1 default=ignore]  pam_succeed_if.so uid < 1001
session    optional   pam_afs_session.so
session    optional   pam_gnome_keyring.so auto_start
session    optional   pam_umask.so
session    optional   pam_systemd.so
session    required   pam_env.so

Offline

#10 2025-08-07 09:27:21

drslmr
Member
Registered: 2011-05-14
Posts: 58

Re: systemd upgrade changes login order

By chance, when I was checking if my pam configuration above works using sudo systemctl status -a, I saw that some times shadow.service and logrotate.service had failed.

I added class=user-incomplete to the pam_systemd.so line above. Not sure if that really helps, because I'm not sure how to trigger the failed services exactly.

Offline

Pages: 1

Board footer

Powered by FluxBB