Gentoo Forums
[SOLVED] Help with pam_mount + GDM + systemd
luciano
Posted: Sat Apr 09, 2022 2:23 pm    Post subject: [SOLVED] Help with pam_mount + GDM + systemd

I've recently updated my system and am having some issues logging in using pam_mount.

My setup is to have my personal LUKS encrypted /home/myuser folder mounted via pam_mount from the GDM screen. This currently doesn't work - after entering the password, the screen goes blank, and then it drops back to the login screen after a couple of secs.

However, I can log in from a console (Ctrl + Alt + F2 for example) without problems.

This is what I see in the logs:

Code:

Apr 09 15:56:29 myhost systemd[1]: Created slice User Slice of UID 1000.
Apr 09 15:56:29 myhost systemd[1]: Starting User Runtime Directory /run/user/1000...
Apr 09 15:56:29 myhost systemd-logind[311]: New session 2 of user myuser.
Apr 09 15:56:29 myhost systemd[1]: Starting File System Check on /dev/disk/by-partuuid/c750827d-868e-4b99-9fa8-3e770ac54ead...
Apr 09 15:56:29 myhost systemd-fsck[697]: sdc4: fsck.crypto_LUKS doesn't exist, not checking file system.
Apr 09 15:56:29 myhost systemd[1]: Finished File System Check on /dev/disk/by-partuuid/c750827d-868e-4b99-9fa8-3e770ac54ead.
Apr 09 15:56:29 myhost systemd[1]: Finished User Runtime Directory /run/user/1000.
Apr 09 15:56:29 myhost systemd[1]: home.mount: Directory /home to mount over is not empty, mounting anyway.
Apr 09 15:56:29 myhost systemd[1]: Mounting /home...
Apr 09 15:56:29 myhost systemd[1]: Starting User Manager for UID 1000...
Apr 09 15:56:29 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:29 myhost systemd[699]: pam_unix(systemd-user:session): session opened for user myuser(uid=1000) by (uid=0)
Apr 09 15:56:29 myhost mount[698]: mount: /home: wrong fs type, bad option, bad superblock on /dev/sdc4, missing codepage or helper program, or other error.
Apr 09 15:56:29 myhost systemd[1]: home.mount: Mount process exited, code=exited, status=32/n/a
Apr 09 15:56:29 myhost systemd[1]: home.mount: Failed with result 'exit-code'.
Apr 09 15:56:29 myhost systemd[1]: Failed to mount /home.
Apr 09 15:56:29 myhost systemd[1]: Dependency failed for Session 2 of User myuser.
Apr 09 15:56:29 myhost systemd[1]: session-2.scope: Job session-2.scope/start failed with result 'dependency'.
Apr 09 15:56:29 myhost gdm-password][687]: pam_systemd(gdm-password:session): Failed to create session: Job 1379 for unit 'session-2.scope' failed with 'dependency'
Apr 09 15:56:29 myhost systemd-logind[311]: Session 2 logged out. Waiting for processes to exit.
Apr 09 15:56:29 myhost systemd-logind[311]: Removed session 2.
Apr 09 15:56:29 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:29 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:29 myhost systemd[699]: Queued start job for default target Main User Target.
Apr 09 15:56:29 myhost systemd[699]: Created slice User Application Slice.
Apr 09 15:56:29 myhost systemd[699]: Reached target Paths.
Apr 09 15:56:29 myhost systemd[699]: Reached target Timers.
Apr 09 15:56:29 myhost systemd[699]: Starting D-Bus User Message Bus Socket...
Apr 09 15:56:29 myhost systemd[699]: Listening on D-Bus User Message Bus Socket.
Apr 09 15:56:29 myhost systemd[699]: Reached target Sockets.
Apr 09 15:56:29 myhost systemd[699]: Reached target Basic System.
Apr 09 15:56:29 myhost systemd[699]: Reached target Main User Target.
Apr 09 15:56:29 myhost systemd[699]: Startup finished in 35ms.
Apr 09 15:56:29 myhost systemd[1]: Started User Manager for UID 1000.
Apr 09 15:56:29 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost kernel: BTRFS: device fsid 35e9290a-a5eb-4416-a19b-7f1b2dff3ca4 devid 1 transid 75596 /dev/dm-0 scanned by systemd-udevd (712)
Apr 09 15:56:30 myhost kernel: BTRFS info (device dm-0): flagging fs with big metadata feature
Apr 09 15:56:30 myhost kernel: BTRFS info (device dm-0): enabling ssd optimizations
Apr 09 15:56:30 myhost kernel: BTRFS info (device dm-0): turning on sync discard
Apr 09 15:56:30 myhost kernel: BTRFS info (device dm-0): disk space caching is enabled
Apr 09 15:56:30 myhost kernel: BTRFS info (device dm-0): has skinny extents
Apr 09 15:56:30 myhost gdm-password][687]: gkr-pam: unable to locate daemon control file
Apr 09 15:56:30 myhost gdm-password][687]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
Apr 09 15:56:30 myhost rtkit-daemon[479]: Supervising 2 threads of 1 processes of 1 users.
Apr 09 15:56:30 myhost rtkit-daemon[479]: Successfully made thread 749 of process 478 owned by '104' RT at priority 5.
Apr 09 15:56:30 myhost rtkit-daemon[479]: Supervising 3 threads of 1 processes of 1 users.
Apr 09 15:56:30 myhost gsd-media-keys[512]: Unable to get default sink
Apr 09 15:56:30 myhost /usr/libexec/gdm-wayland-session[753]: dbus-daemon[753]: [session uid=1000 pid=753] Activating service name='org.freedesktop.systemd1' requested by ':1.0' (uid=1000 pid=751 comm="/usr/libexec/gdm-wayland-session /usr/bin/gnome-se")
Apr 09 15:56:30 myhost /usr/libexec/gdm-wayland-session[753]: dbus-daemon[753]: [session uid=1000 pid=753] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1 exited with status 1
Apr 09 15:56:30 myhost kernel: rfkill: input handler enabled
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost /usr/libexec/gdm-wayland-session[751]: Unable to register display with display manager
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gdm-password][687]: pam_unix(gdm-password:session): session closed for user myuser
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gdm-session-worker[759]: HXproc_run_async: ofl: No such file or directory
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gdm-session-worker[760]: HXproc_run_async: ofl: No such file or directory
Apr 09 15:56:30 myhost gnome-shell[416]: Error checking authorization for action id org.freedesktop.bolt.enroll: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action org.freedesktop.bolt.enroll is not registered
Apr 09 15:56:30 myhost gdm-password][687]: (mount.c:68): umount messages:
Apr 09 15:56:30 myhost gdm-password][687]: (mount.c:72): umount: /home: target is busy.
Apr 09 15:56:30 myhost gdm-session-worker[687]: (mount.c:68): umount messages:
Apr 09 15:56:30 myhost gdm-session-worker[687]: (mount.c:72): umount: /home: target is busy.
Apr 09 15:56:30 myhost gdm-session-worker[687]: (mount.c:887): unmount of PARTUUID=c750827d-868e-4b99-9fa8-3e770ac54ead failed
Apr 09 15:56:30 myhost gdm-password][687]: (mount.c:887): unmount of PARTUUID=c750827d-868e-4b99-9fa8-3e770ac54ead failed
Apr 09 15:56:30 myhost gdm[350]: Gdm: GdmDisplay: Session never registered, failing


Below is my system-login PAM config:

Code:
auth      required   pam_shells.so
auth      required   pam_nologin.so
auth      include      system-auth
auth      optional   pam_mount.so
account      required   pam_access.so
account      required   pam_nologin.so
account         required        pam_time.so
account      include      system-auth
password   include      system-auth
session         optional        pam_loginuid.so
session      required   pam_env.so envfile=/etc/profile.env
session      optional   pam_lastlog.so silent
session      include      system-auth
session      optional   pam_motd.so motd=/etc/motd
session      optional   pam_mail.so
-session        optional        pam_systemd.so
session      optional   pam_mount.so


And gdm-password refers to this:

Code:

account  include  system-login

auth     substack system-login
auth     optional pam_gnome_keyring.so

password required pam_deny.so

session  substack system-login
session  optional pam_gnome_keyring.so auto_start


Further, what's even weirder is that if I keep trying to log in via GDM, it eventually succeeds. I can also see warnings saying that the encrypted volume has already been mounted if I try to log in subsequently via console.

I have a hunch GDM is somehow timing out waiting for the disk to be decrypted.


Last edited by luciano on Sun Apr 10, 2022 9:45 am; edited 1 time in total
luciano
Posted: Sun Apr 10, 2022 9:43 am    Post subject: Solution

So I appear to have sorted this out. There were two problems I noticed.

First, the home directory /home/myuser wasn't being removed after logout; I was seeing warnings of this in the log when cryptsetup was trying to mount the unlocked drive. I simply removed this by hand. I'm not sure this was strictly necessary, as I think there is an option to ignore this in pam_mount.config.xml.

Second, I changed the order of some of the lines in the pam.d config file. I think this is what fixed it in the end:

Code:

cat /etc/pam.d/system-login
auth      required   pam_shells.so
auth      required   pam_nologin.so
auth      include      system-auth
auth      optional   pam_mount.so
account      required   pam_access.so
account      required   pam_nologin.so
account         required        pam_time.so
account      include      system-auth
password   include      system-auth
session         optional        pam_loginuid.so
session      required   pam_env.so envfile=/etc/profile.env
session      optional   pam_lastlog.so silent
session      include      system-auth
session         [success=1 default=ignore]  pam_succeed_if.so  service = systemd-user quiet
session      optional   pam_mount.so
session      optional   pam_motd.so motd=/etc/motd
session      optional   pam_mail.so
-session        optional        pam_systemd.so


Notice I moved the "session pam_mount" line above "session pam_systemd". I suspect that this was causing some of the systemd error messages, as the drive was not available.
(I also added the succeed_if.so line, but I don't think this is mandatory - it's explained in the pam_mount page of ArchWiki)

Everything appears to be working fine now.
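Added example, not part of the original posts: a small Python check for the ordering described in the solution above, namely that the session pam_mount.so line comes before pam_systemd.so and that a pam_succeed_if.so rule skips pam_mount.so for the systemd-user service. The function names are hypothetical, the two samples are session lines excerpted from the thread's own listings, and include/substack targets are not followed.

```python
import re

# Optional "-", type, control (word or [bracketed list]), module, arguments.
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def session_rules(text):
    """Return [(control, module, args)] for session lines, in file order."""
    rules = []
    for raw in text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "session":
            rules.append((m.group(2), m.group(3), m.group(4).strip()))
    return rules

def check_order(text):
    """List ordering problems between pam_mount.so and pam_systemd.so."""
    rules = session_rules(text)
    mods = [module for _, module, _ in rules]
    if "pam_mount.so" not in mods or "pam_systemd.so" not in mods:
        return ["pam_mount.so or pam_systemd.so missing from this file"]
    findings = []
    mount_i = mods.index("pam_mount.so")
    if mount_i > mods.index("pam_systemd.so"):
        findings.append("pam_mount.so runs after pam_systemd.so")
    # success=N jumps over the next N modules; is pam_mount.so among them?
    guarded = False
    for i, (control, module, args) in enumerate(rules[:mount_i]):
        skip = re.search(r"success=(\d+)", control)
        if (module == "pam_succeed_if.so" and skip
                and "systemd-user" in args and i + int(skip.group(1)) >= mount_i):
            guarded = True
    if not guarded:
        findings.append("pam_mount.so is not skipped for service systemd-user")
    return findings

# Session lines excerpted from the thread's two system-login listings.
BEFORE = """\
session  optional  pam_mail.so
-session optional  pam_systemd.so
session  optional  pam_mount.so
"""
AFTER = """\
session  [success=1 default=ignore]  pam_succeed_if.so  service = systemd-user quiet
session  optional  pam_mount.so
session  optional  pam_mail.so
-session optional  pam_systemd.so
"""

if __name__ == "__main__":
    print({"before": check_order(BEFORE), "after": check_order(AFTER)})
```
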
All times are GMT