Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved]systemd fails tocreate user.slice at login with sssd
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
kandid
n00b
n00b


Joined: 08 Jan 2004
Posts: 10
Location: Above the bar

PostPosted: Fri Jul 31, 2015 10:08 pm    Post subject: [Solved]systemd fails tocreate user.slice at login with sssd Reply with quote

I have a Gentoo box with systemd and KDE desktop. Recently I switched from direct LDAP authentication to sssd connected to LDAP. At a first glance eveything seemed to work, I could login using kdm.

A closer look showed that the login was not as successfull as expected: systemd did not create a user-xxx.slice but counts all user processes under kdm.service as can be seen with
Code:
systemctl status


On the other hand adding my user to /etc/passwd and disabling sssd by
Code:
systemctl stop sssd
restores the desired behaviour (but does not use LDAP).

So my question is: has anybody an idea what might systemd prevent from creating an own user.slice when logging in?

Update (Solved)
The mystery was solved by reading the PAM manual more carefully. The good news are that systemd works as expected as sssd does. The problem came in with a line I added in /etc/pam.d/ssytem-auth to integrate sssd:
Code:

~ $ grep session /etc/pam.d/system-auth
session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_permit.so
session         sufficient      pam_sss.so
-session        optional        pam_systemd.so


Declaring pam_sss.so as "sufficient", caused the PAM stack to stop execution after successfully creating a session by pam_sss.so. This in turn prevented pam_systemd.so to do its job, namely creating a slice for the new user. So reversing the last two lines to read as
Code:

~ $ grep session /etc/pam.d/system-auth
session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_permit.so
-session        optional        pam_systemd.so
session         sufficient      pam_sss.so

solved my problem.

One effect of not having a user.slice is that polkitd gives overly harsh answers. At the surface (KDE in my case) this shows up as refusing user mounts of USB devices and sending the box to sleep...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum