[SOLVED] PAM Critical error - immediate abort, unable to login

doums · 2020-08-19 23:17:38

Hi,

After a usual system update with sudo pacman -Syu I can no longer log with my regular user into my system !
I get the following error message from PAM:

Critical error - immediate abort

I don't remember anything special during the update. I did nothing with PAM as far as I know.

I can login as root.

Here you can find a photo from my screen with the journalctl -p3 logs (sorry but I'm unable to copy and paste it in text format).
https://imgur.com/9kEjGSy

Based on this post https://bbs.archlinux.org/viewtopic.php?id=258313 I initially thought the problem was with tally, but I did not find any reference to it under /etc/pam.d/.

Last edited by doums (2020-08-20 23:16:21)

loqs · 2020-08-19 23:21:06

Can you log in as root?

https://bugs.archlinux.org/task/67636

doums · 2020-08-19 23:54:52

Okay thanks.
So I followed your steps in the link you posted and it works:

I replaced /etc/pam.d/system-auth with

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=1 default=ignore]  pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

and I replaced /etc/pam.d/system-login with

#%PAM-1.0

auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so           user_readenv=0

But based on your comment:

loqs wrote:

"..." and it still works the issue is in $HOME/.pam_environment otherwise it should be in /etc/security/pam_env.conf or /etc/environment.

So if I understand the issue is not properly fixed.

In my .pam_environment I have this

SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/ssh-agent.socket"

Last edited by doums (2020-08-20 00:03:10)

loqs · 2020-08-20 00:02:56

What is in $HOME/.pam_environment that pam_env is rejecting?

doums · 2020-08-20 00:03:50

SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/ssh-agent.socket"

loqs · 2020-08-20 00:05:02

Ah same as https://bbs.archlinux.org/viewtopic.php?id=258320

loqs · 2020-08-20 00:13:38

What if you drop the quotes

SSH_AUTH_SOCK DEFAULT=${XDG_RUNTIME_DIR}/ssh-agent.socket

Edit:
Probably caused by https://github.com/linux-pam/linux-pam/ … bae546baab

If dropping the quotes does not fix it please try adding debug to the pam_env.so call

session    required   pam_env.so           user_readenv=1 debug

Then check the journal after a failed login.
Edit2:
Does the following produce any output:

grep -Pa '\x00'  .pam_environment

Last edited by loqs (2020-08-20 05:23:29)

doums · 2020-08-20 23:00:50

With user_readenv=1 and drop the quotes it works.

grep -Pa '\x00'  .pam_environment

prints nothing.

loqs · 2020-08-20 23:06:47

If there is nothing extra in the journal try adding a blank line to the end of .pam_environment, was reported to fix the issue in https://bugs.archlinux.org/task/67636#comment191877

Last edited by loqs (2020-08-20 23:07:01)

doums · 2020-08-20 23:15:29

I confirm quotes and adding a blank line to the end works.

While it is clear that there is still an error in the code that reads and parses these environment variables,
I presume this solution is enough for me.

Thanks you for your help.

Last edited by doums (2020-08-20 23:39:42)

jaap aarts · 2020-08-21 19:52:37

Can confirm, also had this issue. blank line at the end fixed it.
Seems like a lot of people are having this issue.

Arch Linux

#1 2020-08-19 23:17:38

[SOLVED] PAM Critical error - immediate abort, unable to login

#2 2020-08-19 23:21:06

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#3 2020-08-19 23:54:52

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#4 2020-08-20 00:02:56

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#5 2020-08-20 00:03:50

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#6 2020-08-20 00:05:02

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#7 2020-08-20 00:13:38

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#8 2020-08-20 23:00:50

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#9 2020-08-20 23:06:47

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#10 2020-08-20 23:15:29

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

#11 2020-08-21 19:52:37

Re: [SOLVED] PAM Critical error - immediate abort, unable to login

Board footer