Re: [gdm-list] gdm and pam session interaction (possible dupe, forgot I use gmail not googlemail as address now)

From: Richard Horton <arimus uk gmail com>
To: gdm-list gnome org
Subject: Re: [gdm-list] gdm and pam session interaction (possible dupe, forgot I use gmail not googlemail as address now)
Date: Thu, 2 Sep 2010 12:33:57 +0100

On 2 September 2010 12:23, Jörg Barfurth <joerg barfurth oracle com> wrote:

> Can you show us the pam.d files? They are still the most likely culprit.
>
> If anything has setlogmask your log output might be dropped. (I don't know
> if gdm does this.)
>
> BTW: You should not call openlog/closelog in a pam_module. The calling
> process may have called openlog itself and that choice should prevail.
>
Re-rolling the code to use the pam_syslog functions currently...

I've tried with in both the gdm and system-auth files; when present
they look like the following (I've also tried both at same time,
rather redundant I know but was a clutching at straws attempt).

/etc/pam.d/gdm
#%PAM-1.0
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth       required    pam_succeed_if.so user != root quiet
auth       required    pam_env.so
auth       substack    system-auth
auth       optional    pam_gnome_keyring.so
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    required    pam_selinux.so close
session    required    pam_session_hook.so
session    required    pam_loginuid.so
session    optional    pam_console.so
session    required    pam_selinux.so open
session    optional    pam_keyinit.so force revoke
session    required    pam_namespace.so
session    optional    pam_gnome_keyring.so auto_start
session    include     system-auth

/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     required      pam_session_hook.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.pbase.com/arimus - My online photogallery
http://www.richardhorton.info

References:
- [gdm-list] gdm and pam session interaction (possible dupe, forgot I use gmail not googlemail as address now)
  - From: Richard Horton
- Re: [gdm-list] gdm and pam session interaction (possible dupe, forgot I use gmail not googlemail as address now)
  - From: =?ISO-8859-1?Q?J=F6rg_Barfurth?=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]