Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved]After USE=-pam, I can't log in
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Irre
Guru
Guru


Joined: 09 Nov 2013
Posts: 351
Location: Stockholm

PostPosted: Wed Oct 16, 2019 7:04 pm    Post subject: [solved]After USE=-pam, I can't log in Reply with quote

It is not possible for me to log in to my server after I rebuilt world! :twisted:

ssh 192.168.1.6
Permission denied (publickey,keyboard-interactive).

Edit: Solved, I managed to connect a monitor and keyboard...


Last edited by Irre on Wed Oct 16, 2019 10:19 pm; edited 1 time in total
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 7734
Location: Austria

PostPosted: Wed Oct 16, 2019 7:07 pm    Post subject: Reply with quote

But why did you do that?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 2127
Location: Frankfurt, Germany

PostPosted: Wed Oct 16, 2019 7:21 pm    Post subject: Reply with quote

Irre, developers wanted to remove the package 'virtual/pam'. They didn't want users to remove pam or the USE flag 'pam'. 8O

See: https://bugs.gentoo.org/683284

Unfortunately, they forgot to tell users that they may run into trouble after they delete 'virtual/pam' - because some packages can still depend on 'virtual/pam'.

There's an easy solution: all packages that still depend on 'virtual/pam' must be rebuilt. For example, I had to run 'emerge --oneshot shadow systemd' on my machines.

I really wish developers had written a NEWS item.


Last edited by mike155 on Wed Oct 16, 2019 7:56 pm; edited 3 times in total
Back to top
View user's profile Send private message
Irre
Guru
Guru


Joined: 09 Nov 2013
Posts: 351
Location: Stockholm

PostPosted: Wed Oct 16, 2019 7:24 pm    Post subject: Reply with quote

asturm wrote:
But why did you do that?
Because I thought pam was obsolete since virtual/pam was masked...
Back to top
View user's profile Send private message
Irre
Guru
Guru


Joined: 09 Nov 2013
Posts: 351
Location: Stockholm

PostPosted: Wed Oct 16, 2019 7:36 pm    Post subject: Reply with quote

Thank you for information. I can shutdown via a power switch. Then I try to identify what files to restore...
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3661
Location: Illinois, USA

PostPosted: Wed Oct 16, 2019 11:20 pm    Post subject: Reply with quote

see https://forums.gentoo.org/viewtopic-p-8379672.html#8379672

Not mentioned, but I also had to edit /etc/ssh/sshd_config on my server to permit keyboard authentication.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 15314

PostPosted: Thu Oct 17, 2019 1:15 am    Post subject: Reply with quote

mike155 wrote:
Unfortunately, they forgot to tell users that they may run into trouble after they delete 'virtual/pam' - because some packages can still depend on 'virtual/pam'.
Unmerging virtual/pam should be completely safe, because it does not own any files. Unmerging it might then allow you to unmerge an actual PAM implementation that was needed - but that is only a problem if the administrator uses emerge --depclean, ignores that it is removing the real PAM, and has not installed any package versions that directly depend on the real PAM.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3661
Location: Illinois, USA

PostPosted: Thu Oct 17, 2019 2:26 am    Post subject: Reply with quote

Also set UsePAM to "no" in /etc/ssh/sshd_config


Hu:
Stable users can't just remove virtual/pam because packages depend on it. Devs should issue an "r" release to change the dependency to sys-libs/pam

Or just set USE=-pam globally IF not using multi-seat which includes almost all desktop and laptop owners.
This per forum discussions circa 2004 that I found while googling.

Code:
~ # equery d virtual/pam
 * These packages depend on virtual/pam:
net-fs/samba-4.5.16-r1 (pam ? virtual/pam)
sys-process/cronie-1.5.4 (pam ? virtual/pam)
x11-apps/xdm-1.1.11-r4 (pam ? virtual/pam)
Back to top
View user's profile Send private message
Irre
Guru
Guru


Joined: 09 Nov 2013
Posts: 351
Location: Stockholm

PostPosted: Thu Oct 17, 2019 8:29 pm    Post subject: Reply with quote

Tony0945 wrote:
Also set UsePAM to "no" in /etc/ssh/sshd_config

I missed that. :)
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 15314

PostPosted: Fri Oct 18, 2019 12:42 am    Post subject: Reply with quote

Yes, Portage might complain about removing the virtual if you use --depclean and have not rebuilt all the consuming packages (or if some consuming packages have not been updated). However, if you use --unmerge, it will obey you, and it should not break anything because the virtual owns no files. Removing sys-libs/pam could definitely break things, if you have not updated the consuming packages not to use it.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum