<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW --- - console login no longer possible when PAM_SESSION_ERR condition is triggered" href="https://bugs.freedesktop.org/show_bug.cgi?id=67288">67288</a> </td> </tr> <tr> <th>Assignee</th> <td>systemd-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Summary</th> <td>console login no longer possible when PAM_SESSION_ERR condition is triggered </td> </tr> <tr> <th>QA Contact</th> <td>systemd-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Severity</th> <td>major </td> </tr> <tr> <th>Classification</th> <td>Unclassified </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Reporter</th> <td>mbiebl@gmail.com </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Component</th> <td>general </td> </tr> <tr> <th>Product</th> <td>systemd </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=82975" name="attach_82975" title="simulate error condition in pam_systemd">attachment 82975</a> <a href="attachment.cgi?id=82975&action=edit" title="simulate error condition in pam_systemd">[details]</a></span> simulate error condition in pam_systemd Version: 204 Bug-Debian: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717772">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717772</a> While investigating [1], I noticed, that when an error condition occurs and pam_systemd returns PAM_SESSION_ERR, I am no longer able to log in on the console. I'm immediately thrown back to the console. In the journal, I get the following log messages: <span class="quote">> Jul 20 14:08:08 pluto login[3476]: pam_unix(login:session): session opened for user michael by LOGIN(uid=0) > Jul 20 14:08:08 pluto systemd-logind[5664]: New session 13 of user michael. > Jul 20 14:08:08 pluto login[3476]: pam_systemd(login:session): Failed to parse message: Message has only 5 arguments, but more were expected > Jul 20 14:08:08 pluto systemd-logind[5664]: Removed session 13. > Jul 20 14:08:08 pluto systemd[1]: <a href="mailto:getty@tty2.service">getty@tty2.service</a> holdoff time over, scheduling restart. > Jul 20 14:08:08 pluto systemd[1]: Stopping Getty on tty2... > Jul 20 14:08:08 pluto systemd[1]: Starting Getty on tty2... > Jul 20 14:08:08 pluto systemd[1]: Started Getty on tty2.</span > I initially noticed this behaviour, when there was version mismatch (libpam-systemd v204 talking to logind v44). But this is a general problem, since there are various places in the code, where an error condition can occur. To simplify this, I wrote a tiny patch, which simulates an error condition in pam_sm_open_session(). If I apply that on top of v204, I'm also able to reproduce this behaviour on a Fedora 19 box. The pam configuration has session optional pam_systemd.so A failing pam_systemd shouldn't cause the complete PAM stack to fail. [1] <a class="bz_bug_link bz_status_RESOLVED bz_closed" title="RESOLVED NOTABUG - commit 7708588119 broke logind DBus API" href="show_bug.cgi?id=67131">https://bugs.freedesktop.org/show_bug.cgi?id=67131</a></pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the QA Contact for the bug.</li> <li>You are the assignee for the bug.</li> </ul> </body> </html>