Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved partially 3/6] Lightdm won't work with PAM
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
Rexilion
Veteran
Veteran


Joined: 17 Mar 2009
Posts: 1044

PostPosted: Sun Nov 20, 2011 3:54 pm    Post subject: [Solved partially 3/6] Lightdm won't work with PAM Reply with quote

I managed to make some progress on this issue, please see the following post in this thread:

https://forums.gentoo.org/viewtopic-p-6911136.html#6911136


Last edited by Rexilion on Mon Dec 26, 2011 11:39 am; edited 2 times in total
Back to top
View user's profile Send private message
lost-distance
n00b
n00b


Joined: 10 Apr 2003
Posts: 73

PostPosted: Tue Nov 22, 2011 12:46 am    Post subject: Reply with quote

I have LightDM 1.0.6 working with PAM. I copied an existing /etc/pam.d/wdm (/usr/portage/x11-misc/wdm/files/wdm-include.1) to /etc/pam.d/lightdm:

Code:
#%PAM-1.0
auth       required             pam_nologin.so
auth       include              system-auth
account    include              system-auth
password   include              system-auth
session    include              system-auth


I use Openbox as a window manager so I can't say whether the above will work with Gnome.
Back to top
View user's profile Send private message
Rexilion
Veteran
Veteran


Joined: 17 Mar 2009
Posts: 1044

PostPosted: Tue Nov 22, 2011 6:17 am    Post subject: Reply with quote

Yes, that works for me too (partially tough). I don't know how your system-auth file looks like (did you modify it?), but some modules are not working:
- pam_ssh won't unlock my ssh-keys
- pam_gnome_keyring won't unlock my gnome-keyring
- pam_tallylog2 or pam_lastlog won't work, because the 'w' command won't show my name when I login through lightdm

(Btw, I suggest you use:

Code:
#%PAM-1.0
auth       required             pam_nologin.so
auth       include              system-login
account    include              system-login
password   include              system-login
session    include              system-auth


This is recommended by the Gentoo provided lightdm ebuild.)

Thanks
Back to top
View user's profile Send private message
lost-distance
n00b
n00b


Joined: 10 Apr 2003
Posts: 73

PostPosted: Tue Nov 22, 2011 6:11 pm    Post subject: Reply with quote

I haven't touched any PAM files; I must admit I find PAM too difficult to understand and so try to avoid going anywhere near it.

I've been building lightdm from source rather than using the lightdm package in portage, so it's likely that my setup and the portage package are doing things differently.

First I installed the following portage packages. Ensure that the "consolekit" (used by pambase, which thus might need to be re-emerged) and "policykit" (used by consolekit) USE flags are defined in portage.

sys-auth/consolekit-0.4.5-r1
sys-auth/polkit-0.102
sys-apps/accountsservice-0.6.14 (currently masked)
x11-libs/libxklavier-5.0

I apply the following patch file to the lightdm-1.0.6 source:

Code:
diff -ru LightDM-1.0.6/configure lightdm-1.0.6/configure
--- LightDM-1.0.6/configure   2011-11-02 15:27:41.000000000 +0000
+++ lightdm-1.0.6/configure   2011-11-05 00:16:49.256445216 +0000
@@ -17152,18 +17152,18 @@
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
     { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     \""; } >&5
   ($PKG_CONFIG --exists --print-errors "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     ") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
   pkg_cv_LIGHTDM_GTK_GREETER_CFLAGS=`$PKG_CONFIG --cflags "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>/dev/null`
             test "x$?" != "x0" && pkg_failed=yes
@@ -17178,18 +17178,18 @@
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
     { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     \""; } >&5
   ($PKG_CONFIG --exists --print-errors "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     ") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
   pkg_cv_LIGHTDM_GTK_GREETER_LIBS=`$PKG_CONFIG --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>/dev/null`
             test "x$?" != "x0" && pkg_failed=yes
@@ -17213,12 +17213,12 @@
 fi
         if test $_pkg_short_errors_supported = yes; then
            LIGHTDM_GTK_GREETER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>&1`
         else
            LIGHTDM_GTK_GREETER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>&1`
         fi
@@ -17248,18 +17248,18 @@
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
     { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     \""; } >&5
   ($PKG_CONFIG --exists --print-errors "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     ") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
   pkg_cv_LIGHTDM_GTK_GREETER_CFLAGS=`$PKG_CONFIG --cflags "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>/dev/null`
             test "x$?" != "x0" && pkg_failed=yes
@@ -17274,18 +17274,18 @@
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
     { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     \""; } >&5
   ($PKG_CONFIG --exists --print-errors "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     ") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
   pkg_cv_LIGHTDM_GTK_GREETER_LIBS=`$PKG_CONFIG --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>/dev/null`
             test "x$?" != "x0" && pkg_failed=yes
@@ -17309,12 +17309,12 @@
 fi
         if test $_pkg_short_errors_supported = yes; then
            LIGHTDM_GTK_GREETER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>&1`
         else
            LIGHTDM_GTK_GREETER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     " 2>&1`
         fi
@@ -17322,7 +17322,7 @@
    echo "$LIGHTDM_GTK_GREETER_PKG_ERRORS" >&5
 
    as_fn_error $? "Package requirements (
-        gtk+-3.0
+        gtk+-2.0
         gmodule-export-2.0
     ) were not met:
 
diff -ru LightDM-1.0.6/data/lightdm.conf lightdm-1.0.6/data/lightdm.conf
--- LightDM-1.0.6/data/lightdm.conf   2011-10-18 04:05:20.000000000 +0100
+++ lightdm-1.0.6/data/lightdm.conf   2011-11-05 00:16:49.256445216 +0000
@@ -60,9 +60,9 @@
 #xdmcp-manager=
 #xdmcp-port=177
 #xdmcp-key=
-#greeter-session=example-gtk-gnome
+greeter-session=lightdm-gtk-greeter
 #greeter-hide-users=false
-#user-session=default
+user-session=openbox
 #allow-guest=true
 #guest-session=UNIMPLEMENTED
 #session-wrapper=lightdm-session
diff -ru LightDM-1.0.6/greeters/gtk/greeter.ui lightdm-1.0.6/greeters/gtk/greeter.ui
--- LightDM-1.0.6/greeters/gtk/greeter.ui   2011-10-25 16:05:16.000000000 +0100
+++ lightdm-1.0.6/greeters/gtk/greeter.ui   2011-11-05 00:16:49.256445216 +0000
@@ -28,19 +28,6 @@
             <property name="border_width">12</property>
             <property name="spacing">6</property>
             <child>
-              <object class="GtkImage" id="image1">
-                <property name="visible">True</property>
-                <property name="can_focus">False</property>
-                <property name="pixel_size">64</property>
-                <property name="icon_name">computer</property>
-              </object>
-              <packing>
-                <property name="expand">False</property>
-                <property name="fill">True</property>
-                <property name="position">0</property>
-              </packing>
-            </child>
-            <child>
               <object class="GtkLabel" id="hostname_label">
                 <property name="visible">True</property>
                 <property name="can_focus">False</property>
diff -ru LightDM-1.0.6/greeters/gtk/lightdm-gtk-greeter.conf lightdm-1.0.6/greeters/gtk/lightdm-gtk-greeter.conf
--- LightDM-1.0.6/greeters/gtk/lightdm-gtk-greeter.conf   2011-09-28 08:11:35.000000000 +0100
+++ lightdm-1.0.6/greeters/gtk/lightdm-gtk-greeter.conf   2011-11-05 00:16:49.256445216 +0000
@@ -8,11 +8,11 @@
 # xft-rgba = Type of subpixel antialiasing (none, rgb, bgr, vrgb or vbgr)
 #
 [greeter]
-#background=
+background=/usr/share/lightdm-gtk-greeter/bg.jpg
 #show-language-selector=false
 #theme-name=
 #font-name=
 #xft-antialias=
-#xft-dpi=
+xft-dpi=96
 #xft-hintstyle=
 #xft-rgba=
diff -ru LightDM-1.0.6/src/session.c lightdm-1.0.6/src/session.c
--- LightDM-1.0.6/src/session.c   2011-10-25 15:42:33.000000000 +0100
+++ lightdm-1.0.6/src/session.c   2011-11-05 00:16:49.256445216 +0000
@@ -256,6 +256,8 @@
     session_set_env (session, "LOGNAME", user_get_name (user));
     session_set_env (session, "HOME", user_get_home_directory (user));
     session_set_env (session, "SHELL", user_get_shell (user));
+    session_set_env (session, "LANG", "en_GB");
+    session_set_env (session, "LC_COLLATE", "POSIX");
 
     session_set_env (session, "USERNAME", user_get_name (user)); // FIXME: Is this required?
 


I configure with the following options:

Code:
./configure \
   CC="gcc" \
   CXX="g++" \
   CFLAGS="-pipe -fomit-frame-pointer -O2 -march=core2" \
   CXXFLAGS="${CFLAGS}" \
   CPPFLAGS="" \
   --prefix=/usr \
   --sysconfdir=/etc \
   --localstatedir=/var \
   --libdir=/usr/lib64 \
   --disable-static \
   --disable-liblightdm-qt \
   --disable-gtk-doc \
   --disable-gtk-doc-html \
   --disable-gtk-doc-pdf


I type "make" and "make install-strip".

I created the following /etc/init.d/lightdm rc script:

Code:
#!/sbin/runscript

depend() {
   need localmount consolekit
}

start() {
   ebegin "Starting lightdm"
   start-stop-daemon --start --background --exec /usr/sbin/lightdm -- \
      -c /etc/lightdm/lightdm.conf
   eend 0
   return 0
}

stop() {
   ebegin "Stopping lightdm"
   start-stop-daemon --stop --quiet --pidfile /var/run/lightdm.pid
   eend 0
   return 0
}


I created the /etc/pam.d/lightdm file mentioned earlier.

I added a background image: /usr/share/lightdm-gtk-greeter/bg.jpg (anything will do).

I created the lightdm user account:

Code:
# useradd -c "Light Display Manager" -d /home/lightdm -g 100 -s /bin/false -u 114 lightdm
# mkdir /home/lightdm
# chown lightdm: /home/lightdm


I think that's about it. Hopefully something here will help with your setup.
Back to top
View user's profile Send private message
Rexilion
Veteran
Veteran


Joined: 17 Mar 2009
Posts: 1044

PostPosted: Tue Nov 22, 2011 8:10 pm    Post subject: Reply with quote

I can see many similarity's with the ebuild portage provided and your modifications. Some differences, however, do stand out and seem interesting though, I will try to apply them and see how far I can get. Thank you for taking the effort to post your howto.
Back to top
View user's profile Send private message
Rexilion
Veteran
Veteran


Joined: 17 Mar 2009
Posts: 1044

PostPosted: Mon Dec 26, 2011 11:28 am    Post subject: Reply with quote

I solved it partially so far, these are my observations:

- Need to include pam_ssh before system-login. Why? pam_mktemp makes pam_ssh fail to work when used under lightdm (don't know why)
- Need to include pam_ck_connector with the nox11 parameter otherwise consolekit's consistency check fails (garbage in -> garbage out)
- Need to include pam_loginuid before pam_ck_connector otherwise pam_ck_connector simply won't work (not the default in Gentoo!)

However,
- The output of 'w' is still messed up (only root logins are recorded)
- gnome-keyring won't unlock on login -> I added patches from Suse which are supposed to fix this, but to no avail. The weird thing is: GNOME_KEYRING_CONTROL=/tmp/.private/root/keyring-Bjn7Ta (huh?)
- gdmflexiserver won't work -> gnome-screensaver can't change user anymore. This is also despite a patch from Suse which supposedly makes it work.

So the puzzle isn't 100% complete. But I'll get there.

Here is a lightdm pam file that does the job (Gentoo only):

You can see that I changed the ordering of modules in the session section. Furthermore, a small but critical change is the session include line, first it includes system-auth, but now it includes system-login. This is because system-login includes system-auth and it adds several other modules including pam_loginuid (so it is there!).

Quote:
#%PAM-1.0
auth optional pam_env.so
auth include system-login
auth optional pam_ssh.so use_first_pass
auth required pam_exec.so quiet expose_authtok /etc/pam_exec.sh
auth required pam_nologin

account include system-login

password include system-login

session optional pam_ssh.so
session include system-login
session optional pam_exec.so quiet /etc/pam_exec.sh
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum