View previous topic :: View next topic |
Author |
Message |
albright Advocate
Joined: 16 Nov 2003 Posts: 2588 Location: Near Toronto
|
Posted: Sun Jun 28, 2015 2:31 pm Post subject: kde 5 screen locker works too well (won't unlock) [SOLVED] |
|
|
as in the subject
when I enter the correct password on kde lock screen it just
reports login failed
nothing is posted in the logs (how come gentoo has no auth.log by the way?)
kcheckpass works fine from the command line (after adding a kde file
to /etc/pam.d and setting kcheckpass suid, as the internet suggested)
I'm quite at a loss ...
running the (~) kde 5.3 stuff from portage _________________ .... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme)
Last edited by albright on Tue Jun 30, 2015 11:47 am; edited 1 time in total |
|
Back to top |
|
|
davidm Guru
Joined: 26 Apr 2009 Posts: 557 Location: US
|
Posted: Mon Jun 29, 2015 5:00 pm Post subject: |
|
|
It works here on an OpenRC system with sddm although it was a bit screwy and didn't seem to work until I played around with systemsettings5 and rebooted a few times. My problem with the screwiness was the opposite-- it never wanted to lock automatically and then put the LCD in sleep mode.
When I enter an incorrect password I see this in /var/log/messages:
Quote: |
Jun 29 12:54:55 gentoo kcheckpass[23495]: pam_unix(kde:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost= user=david
Jun 29 12:54:55 gentoo kcheckpass[23495]: Authentication failure for david (invoked by uid 1000)
|
Are you seeing those messages indicating that kcheckpass is indeed getting invoked? Are you using sddm? If so do you see anything weird in sddm.log?
Checking around it seems most past bugs involved PAM in some way... Check '# cat /var/log/messages | grep -i pam' maybe for clues? |
|
Back to top |
|
|
albright Advocate
Joined: 16 Nov 2003 Posts: 2588 Location: Near Toronto
|
Posted: Tue Jun 30, 2015 11:47 am Post subject: |
|
|
thanks for the reply
It turned out (surprise) to be my own fault, not noticing
that kcheckpass is provided by (old) kde-base/kcheckpass
and (new) plasma-workspace
I had the old and new packages installed and the system was apparently
confused
I suppose I should wipe out all old kde-base apps but it still seems that
there is an unholy mixture of old and new required at the moment _________________ .... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Thu Nov 12, 2015 12:03 am Post subject: |
|
|
albright, just to make sure, your issue was fixed after removing kde-base/kcheckpass? |
|
Back to top |
|
|
albright Advocate
Joined: 16 Nov 2003 Posts: 2588 Location: Near Toronto
|
Posted: Thu Nov 12, 2015 12:39 pm Post subject: |
|
|
Quote: | albright, just to make sure, your issue was fixed after removing kde-base/kcheckpass? |
yes, both kde-base/kcheckpass and kde-plasma/plasma-workspace provide /usr/lib64/libexec/kcheckpass
it's the latter that works with kde5 _________________ .... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Thu Nov 12, 2015 7:05 pm Post subject: |
|
|
They can't provide it both, otherwise there'd be a file collision. The kde-base/ one is kde4 prefixed iirc |
|
Back to top |
|
|
yagami Apprentice
Joined: 12 May 2002 Posts: 269 Location: Leiria, Portugal
|
Posted: Sun Nov 22, 2015 6:16 pm Post subject: |
|
|
I have this problem.
I dont have kde4 kcheckpass package installed.
I have to chmod +s kcheckpass for it to unlock. When i update plasma-workspace, the file is installed without +s chmod, so i have to do it again.
why is this ? |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sun Nov 22, 2015 7:10 pm Post subject: |
|
|
Please check:
Code: | $ ls -l /etc/pam.d/kde* |
|
|
Back to top |
|
|
yagami Apprentice
Joined: 12 May 2002 Posts: 269 Location: Leiria, Portugal
|
Posted: Mon Nov 23, 2015 12:47 pm Post subject: |
|
|
genstorm wrote: | Please check:
Code: | $ ls -l /etc/pam.d/kde* |
|
Sorry for delay:
pam.d # ls kde*
kde kde-np
cat kde
#%PAM-1.0
auth required pam_nologin.so
auth include system-local-login
account include system-local-login
password include system-local-login
session include system-local-login
cat kde-np
#%PAM-1.0
auth required pam_nologin.so
auth required pam_permit.so
account include system-local-login
password include system-local-login
session include system-local-login |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Tue Jan 12, 2016 11:56 pm Post subject: |
|
|
Both of your systems are set up the same way, using binpkgs? |
|
Back to top |
|
|
yagami Apprentice
Joined: 12 May 2002 Posts: 269 Location: Leiria, Portugal
|
Posted: Wed Jan 13, 2016 11:04 am Post subject: |
|
|
Thank you.
No, they are both compiled from source.
What they share is portage configuration from here: https://bitbucket.org/alexandre_pereira/gentoo-portage
I update that repository and then mantain specific branchs for each ( hardware differences ). But no binpkg sharing ( one is a i7 sandybridge with radeon, other is i7 haswell with intel+nvidia ) |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Wed Jan 13, 2016 11:14 am Post subject: |
|
|
What profile do you use? A systemd one? |
|
Back to top |
|
|
yagami Apprentice
Joined: 12 May 2002 Posts: 269 Location: Leiria, Portugal
|
Posted: Wed Jan 13, 2016 11:34 am Post subject: |
|
|
genstorm wrote: | What profile do you use? A systemd one? |
Yes, its systemd profile |
|
Back to top |
|
|
yagami Apprentice
Joined: 12 May 2002 Posts: 269 Location: Leiria, Portugal
|
Posted: Sun Jan 17, 2016 10:35 pm Post subject: |
|
|
found the problem: /sbin/unix_chkpwd was not set setuid. making it setuid, allows for kcheckpass not need to be setuid |
|
Back to top |
|
|
mdshort Apprentice
Joined: 06 Dec 2004 Posts: 157
|
Posted: Tue Apr 19, 2016 1:37 am Post subject: |
|
|
Thank you! This fixed my issue. I am running unstable branch and this is still a problem.
# chmod +s /sbin/unix_chkpwd _________________ "With every rise, there is a fall." |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Tue Apr 19, 2016 7:35 am Post subject: |
|
|
@mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618 |
|
Back to top |
|
|
as.gentoo Guru
Joined: 07 Aug 2004 Posts: 319
|
Posted: Tue Apr 19, 2016 11:25 am Post subject: |
|
|
genstorm wrote: | @mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618 | So using chmod is the general solution here?
Just in case (installed versionn and USE flag) Code: | 0 ✓ xxx@magic /home/xxx $> eix sys-libs/pam$
* sys-libs/pam
Installierte Versionen: Version: 1.2.1-r1
USE: berkdb cracklib filecaps nls pie -audit -debug -nis -selinux -test -vim-syntax ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32"
0 ✓ xxx@magic /home/xxx $> eix kwallet-pam$
* kde-plasma/kwallet-pam
Installierte Versionen: Version: 5.6.2-r1(5)
USE: oldwallet -debug
0 ✓ xxx@magic /home/xxx $> ck-list-sessions
Session1:
unix-user = '1000'
realname = 'xxx'
seat = 'Seat1'
session-type = ''
active = TRUE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = ''
remote-host-name = ''
is-local = TRUE
on-since = '2016-04-19T10:19:39.868138Z'
login-session-id = '1'
0 ✓ xxx@magic /home/xxx $> ls -l /etc/pam.d/kde*
-rw-r--r-- 1 root root 217 12. Apr 16:32 /etc/pam.d/kde-np
0 ✓ xxx@magic /home/xxx $> eix sys-apps/openrc
* sys-apps/openrc
Installierte Versionen: Version: 0.20.5
USE: ncurses netifrc pam unicode -audit -debug -newnet -prefix -selinux -static-libs -tools KERNEL="linux -FreeBSD"
$> eselect profile list | grep \*
[8] default/linux/amd64/13.0/desktop/plasma * |
Is there anything (else) wrong here? |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Tue Apr 19, 2016 4:30 pm Post subject: |
|
|
as.gentoo wrote: | genstorm wrote: | @mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618 | So using chmod is the general solution here? |
Not manual chmod, but setting USE=-filecaps for pam. |
|
Back to top |
|
|
as.gentoo Guru
Joined: 07 Aug 2004 Posts: 319
|
Posted: Tue Apr 19, 2016 8:15 pm Post subject: |
|
|
Unfortunately that didn't help.
Quote: | $> eix sys-libs/pam | grep -E '\*|nstallierte| USE'
* sys-libs/pam
Installierte Versionen: Version: 1.2.1-r1
USE: berkdb cracklib nls pie -audit -debug -filecaps -nis -selinux -test -vim-syntax ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" |
There are some entries in the log files, but I don't know if that's related. Code: | Apr 19 21:22:18 [ntpd] adjusting clock frequency by -6.968406 to -18.947395ppm
Apr 19 21:27:29 [dbus] [system] Activating service name='org.freedesktop.Accounts' (using servicehelper)
Apr 19 21:27:30 [accounts-daemon] started daemon version 0.6.40
Apr 19 21:27:30 [dbus] [system] Successfully activated service 'org.freedesktop.Accounts'
Apr 19 21:30:01 [CROND] (root) CMD ([ ! -x /etc/cron.hourly/0anacron ] && { test -x /usr/sbin/run-crons && /usr/sbin/run-crons ; })
Apr 19 21:30:45 [sudo] pam_unix(sudo:session): session closed for user root
## locale is actually de_DE
Apr 19 21:31:26 [polkitd] Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.17, object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_GB.utf8)
## probably not related
Apr 19 21:31:26 [kernel] [ 2223.817282] kactivitymanage[3494]: segfault at 7f0d7b38bc50 ip 00007f0d6c0c0071 sp 00007ffe97457fe8 error 4 in libQt5Sql.so.5.5.1[7f0d6c0ac000+3f000]
Apr 19 21:31:26 [kernel] [ 2223.852202] traps: ck-remove-direc[6924] trap int3 ip:7f7aa16bc620 sp:7fffa8018d50 error:0
## openrc here - make.conf contains USE="$USE -systemd", kernel is set to use (only) openrc as well
Apr 19 21:31:27 [sddm-helper] PAM unable to dlopen(/lib64/security/pam_systemd.so): /lib64/security/pam_systemd.so: cannot open shared object file: No such file or directory
Apr 19 21:31:27 [sddm-helper] PAM adding faulty module: /lib64/security/pam_systemd.so
Apr 19 21:31:27 [sddm-helper] pam_unix(sddm-greeter:session): session opened for user sddm by (uid=0)
Apr 19 21:31:42 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:31:42 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2
## file not found - PA works so ?!
Apr 19 21:31:46 [pulseaudio] [pulseaudio] pid.c: Failed to open PID file '/run/user/1000/pulse/pid': Datei oder Verzeichnis nicht gefunden
- Last output repeated twice -
Apr 19 21:31:52 [login] pam_unix(login:session): session opened for user xxx by LOGIN(uid=0)
Apr 19 21:31:52 [kernel] [ 2249.615468] traps: ck-remove-direc[6975] trap int3 ip:7f3926a8d620 sp:7ffee7c4c9e0 error:0
Apr 19 21:32:08 [sudo] xxx : TTY=tty1 ; PWD=/home/xxx ; USER=root ; COMMAND=/bin/tail -f /var/log/everything/current
Apr 19 21:32:08 [sudo] pam_unix(sudo:session): session opened for user root by xxx(uid=0)
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:auth): (null): pam_sm_authenticate_
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:auth): (null): pam_sm_authenticate_
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:setcred): pam_kwallet: pam_sm_setcred
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Apr 19 21:32:12 [sddm-helper] pam_unix(sddm:session): session opened for user xxx by (uid=0)
Apr 19 21:32:12 [sddm-helper] pam_ck_connector(sddm:session): nox11 mode, ignoring PAM_TTY :0
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:session): pam_kwallet: pam_sm_open_session_
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:session): pam_kwallet: final socket path: /tmp/kwallet_xxx.socket
## Is that supposed to be? What exists is /usr/bin/kwalletd5
Apr 19 21:32:12 [sddm-helper] pam_kwallet: could not execute kwalletd from /usr/bin/kwalletd
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session_
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:session): pam_kwallet5: final socket path: /tmp/kwallet5_xxx.socket
Apr 19 21:32:13 [dbus] [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Apr 19 21:32:13 [dbus] [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Apr 19 21:32:13 [polkitd] Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session3 (system bus name :1.43 [/usr/lib64/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 19 21:32:13 [rtkit-daemon] Successfully made thread 7202 of process 7202 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11._
Apr 19 21:32:13 [rtkit-daemon] Successfully made thread 7209 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:32:18 [rtkit-daemon] Successfully made thread 7302 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:32:18 [rtkit-daemon] Successfully made thread 7305 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:33:06 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:33:06 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2
## this happens when I entered my password in order to unlock the lock screen
Apr 19 21:33:20 [kcheckpass] Authentication failure for xxx (invoked by uid 1000)
Apr 19 21:33:23 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:33:23 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2 |
Login works but unlock doesn't.
Why does SDDM show "US layout" as (only) selection? The login works - my password contains special characters - so the keyboard layout is actually de_DE no matter what is shown by SDDM.
For now I use vlock as a "replacement", but as soon as there are several users having sessions this becomes a problem. |
|
Back to top |
|
|
as.gentoo Guru
Joined: 07 Aug 2004 Posts: 319
|
Posted: Wed Apr 20, 2016 2:34 pm Post subject: |
|
|
Unlocking works now, it was either the update to -5.6.3 or removal of
Code: | -auth optional pam_kwallet.so kdehome=.kde4
-session optional pam_kwallet.so | from /etc/pam.d/sddm. The elog for -5.6.2 says that it should contain this: Code: | -auth optional pam_kwallet5.so
-session optional pam_kwallet5.so auto_start
-auth optional pam_kwallet.so kdehome=.kde4
-session optional pam_kwallet.so |
I guess that should have helped with the migration of kwallet.
Maybe I did something wrong - at least kmail asked (@-5.6.2) and still asks for login data each time it's started. In KDE4 it was possible to activate a checkbox so that a new entry is made in the wallet when a password was given for the first time. How can I activate that feature? |
|
Back to top |
|
|
|