[systemd-devel] Help with pam_systemd..

Sat May 26 12:32:47 PDT 2012

On Sat, May 26, 2012 at 5:29 PM, Shawn Ferris <shawn.ferris at gmail.com> wrote:
> On Sat, May 26, 2012 at 11:12 AM, Kok, Auke-jan H
> <auke-jan.h.kok at intel.com> wrote:
>
>> which pam entry is this? /etc/pam.d/??
>
> Just 'login' for now.. didn't want to keep breaking ssh by using other.
>
>> this needs to be
>>
>> session   optional   pam_systemd.so ...
>
> I tried that too and it didn't change anything, so I put it back to
> the man page suggestion.
>
>> most likely systemd --user doesn't know what to do. Have you created a
>> meaningful /usr/lib/systemd/user/default.target that actually does something?
>>
>> e.g., create a /usr/lib/systemd/user/default.target.wants, and symlink
>> some services in there.
>
> I haven't. I figured I'd start playing with services after I could
> actually get logged in with a shell. I figured out of the box, I'd at
> least still get a shell. Is that not true? is there a template
> somewhere that I could inspect? (I checked my fedora 16 box)

I've created versions for my purposes for e.g. entire desktop startups, but
essentially without a ../user/default.target there won't be anything to do
for systemd --user. Systemd upstream tarball doesn't ship anything useful,
so for now you need to manually define all the units and targets you want
to run from your systemd --user.

>> one thing I'm missing - are you in one way or another using user at .service? If
>> not, that may be the problem.
>>
>> You'll basically need to do the equivalent of systemctl enable
>> user@<username>.service
>> to tell the pid=1 systemd to autostart your systemd --user session for
>> you. I don't
>> think you want to only start the systemd --user instance when you
>> logon, but rather,
>> have it running all the time.
>
> I have actually tried with and without this, but I can't remember the
> results.. again, I figured it I could just enable pam_systemd and get
> that working, I'd add on pieces at a time. I'll re-test this and post
> about my findings.

This isn't an automagic thing that just "works", since there is absolutely
no consensus over what a "user instance" of systemd actually is, in the
first place.

In short, the needed bits are:

1) systemctl --system start user@<username>.service (may not work, but is
usable as a template)
2) ../user/default.target needs to define something meaningful
3) "session optional pam_systemd.so" in /etc/pam.d/systemd-auth
4) proper dbus.socket/dbus.service in ../user/ if you need a session bus

without any of these, nothing will happen.

Auke