[LightDM] lightdm and kerberos on fedora 22 does not work
François Dagorn
Francois.Dagorn at univ-rennes1.fr
Wed Dec 2 00:58:16 PST 2015
Hello all,
I'm currently migrating to kerberos authentication. Authentication runs well
using ssh, does not run for lightdm. I'have left things unchanged within /etc/pam.d
for lightdm. Stuffs involved follows (/etc/pam.d/system-auth, /etc/pam.d/lightdm,
login traces ...
*more system-auth*
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 100 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 100 quiet
account sufficient [default=bad success=ok user_unknown=ignore] *pam_krb5.so*
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional *pam_krb5.so*
*more lightdm*
#%PAM-1.0
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth required pam_env.so
auth include *system-auth*
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
-auth optional pam_kwallet.so
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so
-session optional pam_kwallet.so
session include system-auth
session optional pam_lastlog.so silent
session include postlogin
systemctl start lightdm.service
Dec 2 09:51:08 localhost systemd: Starting Light Display Manager...
Dec 2 09:51:08 localhost systemd: Started Light Display Manager.
Dec 2 09:51:08 localhost audit: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=lightdm comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
Dec 2 09:51:08 localhost audit: <audit-1103> pid=2735 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_env,pam_env,pam_fprintd
acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'
Dec 2 09:51:08 localhost systemd: Created slice user-987.slice.
Dec 2 09:51:08 localhost systemd: Starting user-987.slice.
Dec 2 09:51:08 localhost systemd: Starting User Manager for UID 987...
Dec 2 09:51:08 localhost systemd-logind: New session 17 of user lightdm.
Dec 2 09:51:08 localhost systemd: Started Session 17 of user lightdm.
Dec 2 09:51:08 localhost systemd: Starting Session 17 of user lightdm.
Dec 2 09:51:08 localhost audit: <audit-1101> pid=2740 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_localuser
acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dec 2 09:51:08 localhost audit: <audit-1105> pid=2740 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open
*grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5* acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dec 2 09:51:09 localhost systemd: Reached target Paths.
Dec 2 09:51:09 localhost systemd: Starting Paths.
Dec 2 09:51:09 localhost systemd: Reached target Sockets.
Dec 2 09:51:09 localhost systemd: Starting Sockets.
Dec 2 09:51:09 localhost systemd: Reached target Timers.
Dec 2 09:51:09 localhost systemd: Starting Timers.
Dec 2 09:51:09 localhost systemd: Reached target Basic System.
Dec 2 09:51:09 localhost systemd: Starting Basic System.
Dec 2 09:51:09 localhost systemd: Reached target Default.
Dec 2 09:51:09 localhost systemd: Startup finished in 13ms.
Dec 2 09:51:09 localhost systemd: Started User Manager for UID 987.
Dec 2 09:51:09 localhost audit: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user at 987 comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
Dec 2 09:51:09 localhost audit: <audit-1105> pid=2735 uid=0 auid=987 ses=17 msg='op=PAM:session_open
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_gnome_keyring,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_lastlog,pam_lastlog
acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'
Dec 2 09:51:09 localhost systemd: Starting Default.
*login trace*
Dec 2 09:53:18 localhost xinetd[527]: START: x11vnc pid=2762 from=148.60.14.17
Dec 2 09:53:32 localhost dbus[474]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Dec 2 09:53:32 localhost systemd: Starting Fingerprint Authentication Daemon...
Dec 2 09:53:32 localhost dbus[474]: [system] Successfully activated service 'net.reactivated.Fprint'
Dec 2 09:53:32 localhost systemd: Started Fingerprint Authentication Daemon.
Dec 2 09:53:32 localhost audit: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
Dec 2 09:53:36 localhost audit: <audit-1100> pid=2763 uid=0 auid=4294967295 ses=4294967295 msg='*op=PAM:authentication grantors=?* acct="dagorn"
exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=failed'
Any help would be appreciated.
Cheers.
--
François
Université de Rennes 1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/lightdm/attachments/20151202/ddad188d/attachment.html>
More information about the LightDM
mailing list