Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#73309 - [pambase] system-auth confuses systemd-homed

Attached to Project: Arch Linux
Opened by Hartmut Malzahn (hwm) - Sunday, 09 January 2022, 14:22 GMT
Last edited by Jan Alexander Steffens (heftig) - Friday, 11 February 2022, 22:34 GMT
Task Type Bug Report
Category Packages: Core
Status Assigned   Reopened
Assigned To Jan Alexander Steffens (heftig)
David Runge (dvzrv)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:

Since upgrading pambase to 20211210-1, logging on as a user managed by systemd-homed sometimes fails. The log always shows a failed activation followed by a succesful one, like this:

systemd-homed[42543]: test: changing state inactive → activating-for-acquire
systemd-homework[43550]: None of the supplied plaintext passwords unlock the user record
systemd-homed[42543]: Activation failed: Required key not available
systemd-homed[42543]: test: changing state activating-for-acquire → inactive
systemd-homed[42543]: Got notification that all sessions of user test ended, deactivating
systemd-homed[42543]: Home test already deactivated, no automatic deactivation needed.
systemd-homed[42543]: test: changing state inactive → activating-for-acquire
systemd-homework[43551]: Provided password unlocks user record.

and homectl inspect test shows a "Bad Auth" for every "Good Auth". I'm able to reproduce this behaviour with a simple test user, eg "homectl create test --disk-size 512M --storage luks --fs-type btrfs".

On one in maybe 10-20 logins this leads to the effect that the login happens without the home path mounted, thus effectively being locked out and having to logoff and logon again. I was not able to reproduce this escalation reliably, though.

Downgrading the pambase and filesystem packages (for pam.d/system-auth and nsswitch.conf) eliminates the problem.

I did some experimenting with system-auth, to no effect.

Steps to reproduce:

create a user with homectl create (LUKS storage) and log on.
This task depends upon

Comment by Jan Alexander Steffens (heftig) - Friday, 11 February 2022, 23:49 GMT
I'm not sure what to do here. I don't know PAM or systemd-home well enough.

FTR, the changes to pambase were for FS#72967.

Loading...