FS#72959 - [pambase] systemd-homed activation fails for first login
Attached to Project:
Arch Linux
Opened by Akatsuki Rui (akiirui) - Thursday, 09 December 2021, 06:22 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 19 December 2021, 11:29 GMT
Opened by Akatsuki Rui (akiirui) - Thursday, 09 December 2021, 06:22 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 19 December 2021, 11:29 GMT
|
Details
Description:
The pambase rules let systemd-homed activation fails for first login Additional info: * package version(s) - pambase 20211111-1 * config and/or log files etc. * link to upstream bug report, if any - https://github.com/systemd/systemd/issues/20619 Steps to reproduce: 1. Create a systemd-homed user with a password 2. Make sure that user state is inactive 3. Login that user 4. First login failed with logs: systemd-homed[889]: rui: changing state inactive → activating-for-acquire systemd-homework[1278]: None of the supplied plaintext passwords unlock the user record's hashed passwords. systemd-homed[889]: Activation failed: Required key not available systemd-homed[889]: rui: changing state activating-for-acquire → inactive systemd-homed[889]: Got notification that all sessions of user rui ended, deactivating automatically. systemd-homed[889]: Home rui already deactivated, no automatic deactivation needed. 5. Try login again (successfully): systemd-homed[889]: rui: changing state inactive → activating-for-acquire systemd-homework[1280]: Provided password unlocks user record. systemd-homework[1280]: Read embedded .identity file. systemd-homework[1280]: Provided password unlocks user record. systemd-homework[1280]: Reconciling embedded user identity completed (host and embedded version were identical). systemd-homework[1280]: Recursive changing of ownership not necessary, skipped. systemd-homework[1280]: Synchronized disk. systemd-homework[1280]: Everything completed. systemd-homed[889]: Home rui is signed exclusively by our key, accepting. systemd-homed[889]: rui: changing state activating-for-acquire → active |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Sunday, 19 December 2021, 11:29 GMT
Reason for closing: Fixed
Additional comments about closing: 20211210-1
Sunday, 19 December 2021, 11:29 GMT
Reason for closing: Fixed
Additional comments about closing: 20211210-1
auth required pam_faillock.so preauth
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
auth [default=die] pam_faillock.so authfail
auth required pam_faillock.so authsucc
-auth optional pam_systemd_home.so
auth optional pam_permit.so
auth required pam_env.so
solves the problem, but needs some extra eyeballs because everything I know about PAM I learned from reading the man pages today. I have attached the full `system-auth` file.