Bug#922647: Info received (Bug#922647: systemd --user no longer running)
Michael Biebl
biebl at debian.org
Sat Mar 9 19:25:50 GMT 2019
[bringing Steve, our pam maintainer, into the loop]
Hi Steve,
the following looks like an issue in pam-auth-update and similar to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923362
Any idea what might be going wrong there?
Am 09.03.19 um 19:55 schrieb Julien Leproust:
> Hi,
>
> Well we're in luck, I have etckeeper installed since 2012.
>
> On both machines, I never edited /etc/pam.d/common-* manually.
>
> * fc3256a - Sat, 9 Mar 2019 12:59:20 +0100 (7 hours ago) (HEAD -> master)
> | daily autocommit - root
> * efc0d23 - Thu, 7 Feb 2019 23:16:46 +0100 (4 weeks ago)
> | committing changes in /etc made by "aptitude" - root
> * 6d1fbcf - Tue, 20 Feb 2018 22:51:34 +0100 (1 year, 1 month ago)
> | committing changes in /etc after apt run - root
> * 72d4029 - Tue, 19 Apr 2016 22:00:51 +0200 (2 years, 11 months ago)
> | committing changes in /etc after apt run - root
> * 50f69ee - Sat, 1 Mar 2014 15:33:33 +0100 (5 years ago)
> | committing changes in /etc after apt run - root
> * dee824f - Sat, 4 Aug 2012 10:55:33 +0200 (7 years ago)
> Initial commit - root
>
> The modification today is the fix using pam-auth-update.
>
> The last modification, which broke pam_systemd.so, was triggered by
> libpam-cap:amd64 (1:2.25-2). The update triggered pam-auth-update, and
> /var/log/apt/term.log shows the choices I made:
>
> ────────────────────────┤ PAM configuration ├───────────────────────
> Pluggable Authentication Modules (PAM) determine how authentication,
> authorization, and password changing are handled on the system, as
> well as allowing configuration of additional actions to take when
> starting user sessions.
>
> Some PAM module packages provide profiles that can be used to
> automatically adjust the behavior of all PAM-using applications on
> the system. Please indicate which of these behaviors you wish to
> enable.
>
> PAM profiles to enable:
>
> [*] Unix authentication
> [*] Register user sessions in the systemd control group ...
> [ ] Create home directory on login
> [*] GNOME Keyring Daemon - Login keyring management
> [*] Inheritable Capabilities Management
>
>
> <Ok> <Cancel>
>
> ────────────────────────────────────────────────────────────────────
>
> And then, pam_systemd.so was incorrectly removed? I'm sure you're going
> to assume I disabled the second option, but I really doubt this.
>
> Previous modifications:
> - 20 Feb 2018: removal of libpam-ck-connector
> - 19 Apr 2016: installation of libpam-cgfs
> - 1 Mar 2014: installation of libpam-systemd
>
> Initial state for reference in August 2012:
> =======================================================================
> #
> # /etc/pam.d/common-session - session-related modules common to all
> services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define tasks to be performed
> # at the start and end of sessions of *any* kind (both interactive and
> # non-interactive).
> #
> # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> # To take advantage of this, it is recommended that you configure any
> # local modules either before or after the default block, and use
> # pam-auth-update to manage selection of other modules. See
> # pam-auth-update(8) for details.
>
> # here are the per-package modules (the "Primary" block)
> session [default=1] pam_permit.so
> # here's the fallback if no module succeeds
> session requisite pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success
> code
> # since the modules above will each just jump around
> session required pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> session required pam_unix.so
> session optional pam_systemd.so
> session optional pam_ck_connector.so nox11
> # end of pam-auth-update config
> =======================================================================
>
> And today:
> =======================================================================
> #
> # /etc/pam.d/common-session - session-related modules common to all
> services
> #
> # This file is included from other service-specific PAM config files,
> # and should contain a list of modules that define tasks to be performed
> # at the start and end of sessions of *any* kind (both interactive and
> # non-interactive).
> #
> # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
> # To take advantage of this, it is recommended that you configure any
> # local modules either before or after the default block, and use
> # pam-auth-update to manage selection of other modules. See
> # pam-auth-update(8) for details.
>
> # here are the per-package modules (the "Primary" block)
> session [default=1] pam_permit.so
> # here's the fallback if no module succeeds
> session requisite pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success
> code
> # since the modules above will each just jump around
> session required pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> session required pam_unix.so
> session optional pam_systemd.so
> session optional pam_cgfs.so -c freezer,memory,name=systemd
> # end of pam-auth-update config
> =======================================================================
>
> I can provide the full git and apt logs, but I'd have to edit them
> before to hide personal information.
>
> Thanks anyway.
>
> Best regards,
>
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190309/86c82b39/attachment-0001.sig>
More information about the Pkg-systemd-maintainers
mailing list