From mboxrd@z Thu Jan 1 00:00:00 1970 From: Timothy Sample Subject: bug#35674: GDM auto-login doesn't work Date: Mon, 13 May 2019 10:24:58 -0400 Message-ID: <87ftpiv3d1.fsf@ngyro.com> References: <87bm0arosc.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:39405) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hQBu3-00086g-5M for bug-guix@gnu.org; Mon, 13 May 2019 10:26:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hQBu1-00079v-3Y for bug-guix@gnu.org; Mon, 13 May 2019 10:26:07 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60567) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hQBty-00079B-GE for bug-guix@gnu.org; Mon, 13 May 2019 10:26:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hQBty-0003XR-Bi for bug-guix@gnu.org; Mon, 13 May 2019 10:26:02 -0400 In-Reply-To: Sender: "Debbugs-submit" Resent-Message-ID: List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 35674@debbugs.gnu.org Cc: Alex Griffin Hello, Ricardo Wurmus writes: > Hi Alex, > >> After configuring Guix to enable GDM auto-login, I am still presented >> with a password prompt upon booting my machine. I'm not sure whether >> it's a bug in Guix or something I'm doing wrong, so I've attached the >> configuration I'm using just in case. > > I have observed the same problem. It=E2=80=99s not something you=E2=80= =99re doing wrong. I noticed recently that GDM stopped reading its configuration file. I pushed a430a3501a6d3a565cb78e04a8dbb3ab846ec5fc, which fixes that problem, but unfortunately does not fix auto-login. If I turn on debugging output, I can see that the issue has to do with the way PAM is configured. Digging a little deeper, I found that our auto-login PAM service is auth [success=3Dok default=3D1] pam_gdm.so auth sufficient pam_permit.so What this means is that if =E2=80=9Cpam_gdm.so=E2=80=9D is not successful, = the =E2=80=9Cpam_permit.so=E2=80=9D line will be skipped, and auto-login will n= ot work. The =E2=80=9Cpam_gdm.so=E2=80=9D module does some sort of cached password looku= p using the =E2=80=9Ckeyutils=E2=80=9D library (presumably for an encrypted home direct= ory). Our build of GDM does not support this (we don=E2=80=99t include =E2=80=9Ckeyut= ils=E2=80=9D in its inputs), so the module never succeeds. As a result, auto-login fails. It looks like this particular way of doing things was cribbed from Red Hat, where the module that gets skipped by =E2=80=9Cdefault=3D1=E2=80=9D is =E2=80=9Cpam_gnome_keyring.so=E2=80=9D (and not =E2=80=9Cpam_permit.so=E2= =80=9D). Other distros simply mark it as optional. I suggest we either omit the first rule, since it will never do anything anyway, or follow other distros and change its control field to =E2=80=9Coptional=E2=80=9D. My experience with PAM is limited, so I would appreciate a second opinion before committing anything. -- Tim