Hey guys,
I used to use a little bash script that would be executed by PAM on user login that would start an ssh-agent in the systemd --user instance and decrypt my private key using the password I used to log in. Unfortunately, since the upgrade to systemd 204+ (this was a while ago, I know), the script no longer works as I am no longer starting my systemd --user instance at boot.
The systemd instance is started by pam_systemd.so, so I had thought that by placing my script exec call after `-session optional pam_systemd.so` it would execute after the user@.service is started. That doesn't seem to be the case though.
Here's my /etc/pam.d/system-login file:
```
#%PAM-1.0
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
auth optional pam_exec.so expose_authtok /usr/lib/systemd/systemd-user-pam-ssh
```
(Note the last line)
However this still doesn't work. `systemctl is-active user@$(id -u ${PAM_USER})` returns "unknown" when the script is executed.
Any ideas how I can get my script to run AFTER the systemd user@.service is started when I log in? Or maybe another way I can start up my --user ssh-agent.service and decrypt my key using my entered password?
You should be able to use my systemd-wait script (https://github.com/Stebalien/systemd-wait) to wait for the user service to start.
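A bounded wait for the user manager unit that the first post checks with `systemctl is-active`, written here as an added example; it is not the poster's script and not the linked systemd-wait tool. The function names and the `UNIT_PROBE` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: poll until user@UID.service is active, with a hard timeout.
# pam_exec waits for its command to exit, so an unbounded wait would hang login.

# Command used to test a unit. Overridable (hypothetical knob) so the loop
# can be exercised on a machine without systemd.
: "${UNIT_PROBE:=systemctl is-active --quiet}"

# wait_for_unit UNIT [TIMEOUT_SECONDS]
# Returns 0 once the unit is active, 1 if the timeout expires first.
wait_for_unit() {
    unit=$1
    timeout=${2:-10}
    waited=0
    # stdin is redirected from /dev/null so the probe can never consume the
    # password that pam_exec's expose_authtok option supplies on stdin.
    while ! $UNIT_PROBE "$unit" </dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# wait_for_user_manager USER [TIMEOUT_SECONDS]
# Resolves USER to a uid and waits for that user's systemd manager unit.
# Returns 2 if the user cannot be resolved.
wait_for_user_manager() {
    uid=$(id -u "$1" 2>/dev/null) || return 2
    wait_for_unit "user@${uid}.service" "${2:-10}"
}

# Usage from a PAM-invoked script (PAM_USER is exported by pam_exec):
#   wait_for_user_manager "$PAM_USER" 10 || exit 0
```

The one-second poll interval and ten-second default are arbitrary choices; the timeout is what keeps a login from stalling if the unit never becomes active.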
I'm actually quite surprised nothing like that is already part of the systemd core utilities. That's very useful! I do somewhat wish it was written in C though. Maybe I'll take a crack at porting it myself.
Thank you very much for linking that, it's much appreciated Stebalien.