GDM auto-login doesn't work

OpenSubmitted by Alex Griffin.
Details
4 participants
  • Alex Griffin
  • Pierre Neidhardt
  • Ricardo Wurmus
  • Timothy Sample
Owner
unassigned
Severity
normal
Merged with
A
A
Alex Griffin wrote on 10 May 2019 22:31
(address . bug-guix@gnu.org)
f3aa62e2-3b0e-4f2b-985d-240d8b57d8fe@www.fastmail.com
After configuring Guix to enable GDM auto-login, I am still presented with a password prompt upon booting my machine. I'm not sure whether it's a bug in Guix or something I'm doing wrong, so I've attached the configuration I'm using just in case.-- Alex Griffin
(use-modules (gnu)) (use-service-modules desktop networking ssh xorg) (load "simple-firewall.scm") (operating-system (locale "en_US.utf8") (timezone "America/Chicago") (keyboard-layout (keyboard-layout "us" "workman")) (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/sda") (timeout 2) (keyboard-layout keyboard-layout) (menu-entries (list (menu-entry (label "Debian 10 (buster)") (device "debboot") (linux "(hd0,gpt3)/vmlinuz-4.19.0-4-amd64") (linux-arguments '("root=UUID=227c5e05-6dff-4802-9537-688e20892cf6" "ro" "quiet" "splash")) (initrd "(hd0,gpt3)/initrd.img-4.19.0-4-amd64")) (menu-entry (label "PureOS") (device "pureosboot") (linux "(hd0,gpt5)/vmlinuz-4.19.0-4-amd64") (linux-arguments '("root=UUID=b315dea0-efc1-48ea-9bb4-f1c3aa7e2ce5" "ro" "quiet" "splash")) (initrd "(hd0,gpt5)/initrd.img-4.19.0-4-amd64")))))) (mapped-devices (list (mapped-device (source (uuid "5abba48a-e3e2-4114-8dfc-d97f2a5ba9ac")) (target "home") (type luks-device-mapping)))) (file-systems (cons* (file-system (mount-point "/") (device (uuid "1f1bdd00-3aa2-476f-8b5d-4a8200737eb9" 'ext4)) (type "ext4")) (file-system (mount-point "/home") (device "/dev/mapper/home") (type "ext4")) %base-file-systems)) (host-name "tenzin") (users (cons* (user-account (name "ajgrf") (comment "Alex Griffin") (group "ajgrf") (home-directory "/home/ajgrf") (supplementary-groups '("wheel" "netdev" "audio" "video"))) %base-user-accounts)) (groups (cons* (user-group (name "ajgrf") (id 1000)) %base-groups)) (packages (cons* (specification->package "nss-certs") %base-packages)) (services (cons* (service gnome-desktop-service-type) (service iptables-service-type (simple-firewall #:open-tcp-ports '(6600 8376 29254) #:open-udp-ports '(1900))) (modify-services %desktop-services (gdm-service-type config => (gdm-configuration (inherit config) (xorg-configuration (xorg-configuration (keyboard-layout keyboard-layout))) (auto-login? #t) (default-user "ajgrf")))))))
R
R
Ricardo Wurmus wrote on 10 May 2019 23:18
(name . Alex Griffin)(address . a@ajgrf.com)(address . 35674@debbugs.gnu.org)
87bm0arosc.fsf@elephly.net
Hi Alex,
Toggle quote (5 lines)> After configuring Guix to enable GDM auto-login, I am still presented> with a password prompt upon booting my machine. I'm not sure whether> it's a bug in Guix or something I'm doing wrong, so I've attached the> configuration I'm using just in case.
I have observed the same problem. It’s not something you’re doing wrong.
--Ricardo
T
T
Timothy Sample wrote on 13 May 2019 16:24
(address . 35674@debbugs.gnu.org)
87ftpiv3d1.fsf@ngyro.com
Hello,
Ricardo Wurmus <rekado@elephly.net> writes:
Toggle quote (9 lines)> Hi Alex,>>> After configuring Guix to enable GDM auto-login, I am still presented>> with a password prompt upon booting my machine. I'm not sure whether>> it's a bug in Guix or something I'm doing wrong, so I've attached the>> configuration I'm using just in case.>> I have observed the same problem. It’s not something you’re doing wrong.
I noticed recently that GDM stopped reading its configuration file. Ipushed a430a3501a6d3a565cb78e04a8dbb3ab846ec5fc, which fixes thatproblem, but unfortunately does not fix auto-login.
If I turn on debugging output, I can see that the issue has to do withthe way PAM is configured. Digging a little deeper, I found that ourauto-login PAM service is
auth [success=ok default=1] pam_gdm.so auth sufficient pam_permit.so
What this means is that if “pam_gdm.so” is not successful, the“pam_permit.so” line will be skipped, and auto-login will not work. The“pam_gdm.so” module does some sort of cached password lookup using the“keyutils” library (presumably for an encrypted home directory). Ourbuild of GDM does not support this (we don’t include “keyutils” in itsinputs), so the module never succeeds. As a result, auto-login fails.
It looks like this particular way of doing things was cribbed from RedHat, where the module that gets skipped by “default=1” is“pam_gnome_keyring.so” (and not “pam_permit.so”). Other distros simplymark it as optional. I suggest we either omit the first rule, since itwill never do anything anyway, or follow other distros and change itscontrol field to “optional”.
My experience with PAM is limited, so I would appreciate a secondopinion before committing anything.

-- Tim
A
A
Alex Griffin wrote on 1 Nov 2019 17:02
(name . Ricardo Wurmus)(address . rekado@elephly.net)
49a78343-9a08-434e-ade4-743c9d871452@www.fastmail.com
On Mon, May 13, 2019, at 2:24 PM, Timothy Sample wrote:
Toggle quote (14 lines)> If I turn on debugging output, I can see that the issue has to do with> the way PAM is configured. Digging a little deeper, I found that our> auto-login PAM service is> > auth [success=ok default=1] pam_gdm.so> auth sufficient pam_permit.so> > What this means is that if “pam_gdm.so” is not successful, the> “pam_permit.so” line will be skipped, and auto-login will not work. The> “pam_gdm.so” module does some sort of cached password lookup using the> “keyutils” library (presumably for an encrypted home directory). Our> build of GDM does not support this (we don’t include “keyutils” in its> inputs), so the module never succeeds. As a result, auto-login fails.
I tried adding keyutils to the GDM package and it made no difference. I confirmed that it linked correctly, but didn't look into it further.
Toggle quote (7 lines)> It looks like this particular way of doing things was cribbed from Red> Hat, where the module that gets skipped by “default=1” is> “pam_gnome_keyring.so” (and not “pam_permit.so”). Other distros simply> mark it as optional. I suggest we either omit the first rule, since it> will never do anything anyway, or follow other distros and change its> control field to “optional”.
I can confirm that changing the control value to "optional" satisfies PAM, but I ran into another problem. GDM continually crashes and restarts about 40 times once autologin is enabled. If I switch to another tty and run `herd restart xorg-server`, then GDM starts fine and automatically logs me in.
I've attached a file with a bunch of log messages. Not full log files, but snippets from a bunch of logs that I thought looked relevant.
Toggle quote (3 lines)> My experience with PAM is limited, so I would appreciate a second> opinion before committing anything.
This bug was my introduction to PAM, so perhaps my opinion isn't very reassuring, but changing pam_gdm.so to optional seems harmless in this case. Even if it somehow screws something up, it will only affect people who went out of their way to make their system less secure by enabling auto-login.
-- Alex Griffin
/var/log/gdm/greeter.log:
(II) systemd-logind: took control of session /org/freedesktop/login1/session/c82(II) xfree86: Adding drm device (/dev/dri/card0)(II) systemd-logind: got fd for /dev/dri/card0 226:0 fd 13 paused 0(--) PCI:*(0@0:2:0) 8086:5916:8086:2212 rev 2, Mem @ 0xd0000000/16777216, 0xc0000000/268435456, I/O @ 0x00001c00/64, BIOS @ 0x????????/131072(WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory)
(WW) xf86OpenConsole: VT_ACTIVATE failed: Operation not permitted(EE) Fatal server error:(EE) xf86OpenConsole: Switching VT failed(EE) (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. (EE) Please also check the log file at "/var/lib/gdm/.local/share/xorg/Xorg.1.log" for additional information.(EE) (WW) xf86CloseConsole: KDSETMODE failed: Operation not permitted(WW) xf86CloseConsole: VT_SETMODE failed: Operation not permitted(WW) xf86CloseConsole: VT_ACTIVATE failed: Operation not permitted(EE) Server terminated with error (1). Closing log file.Unable to run X server
/var/lib/gdm/.local/share/xorg/Xorg.0.log:
[ 22.122] (II) xfree86: Adding drm device (/dev/dri/card0)[ 22.123] (II) systemd-logind: got fd for /dev/dri/card0 226:0 fd 12 paused 0[ 22.124] (--) PCI:*(0@0:2:0) 8086:5916:8086:2212 rev 2, Mem @ 0xd0000000/16777216, 0xc0000000/268435456, I/O @ 0x00001c00/64, BIOS @ 0x????????/131072[ 22.124] (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory)[ 22.159] (EE) xf86OpenConsole: Cannot open virtual console 7 (Permission denied)
/var/log/messages:
Nov 1 09:44:01 localhost dbus-daemon[585]: [system] Activating service name='org.freedesktop.Accounts' requested by ':1.5' (uid=0 pid=636 comm="/gnu/store/4jgjnzy36bpf8csnzafzd9sc44dwjvkl-gdm-3.") (using servicehelper)Nov 1 09:44:01 localhost gdm: Child process -861 was already dead. Nov 1 09:44:02 localhost gdm: GdmDisplay: display lasted 0.403221 seconds Nov 1 09:44:02 localhost vmunix: [ 22.570716] broken atomic modeset userspace detected, disabling atomic
/var/log/secure:
Nov 1 09:44:01 localhost gdm-session-worker: pam_unix(gdm-autologin:session): session opened for user ajgrf by (uid=0)Nov 1 09:44:01 localhost gdm-session-worker: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)Nov 1 09:44:01 localhost gdm-session-worker: pam_unix(gdm-launch-environment:session): session closed for user gdmNov 1 09:44:01 localhost gdm-session-worker: pam_unix(gdm-autologin:session): session closed for user ajgrf
/var/log/debug:
Nov 1 09:43:55 localhost gdm: Enabling debugging Nov 1 09:43:56 localhost gdm: Changing user:group to gdm:gdm Nov 1 09:43:57 localhost gdm: Successfully connected to D-Bus Nov 1 09:43:58 localhost gdm: GdmManager: GDM starting to manage displays Nov 1 09:43:58 localhost gdm: GdmLocalDisplayFactory: enumerating seats from logind Nov 1 09:44:00 localhost gdm: GdmLocalDisplayFactory: X11 login display for seat seat0 requested Nov 1 09:44:00 localhost gdm: GdmLocalDisplayFactory: Adding display on seat seat0 Nov 1 09:44:01 localhost gdm: GdmDisplay: id: (null) Nov 1 09:44:01 localhost gdm: GdmDisplay: seat id: (null) Nov 1 09:44:01 localhost gdm: GdmDisplay: session class: greeter Nov 1 09:44:01 localhost gdm: GdmDisplay: initial: no Nov 1 09:44:01 localhost gdm: GdmDisplay: allow timed login: yes Nov 1 09:44:01 localhost gdm: GdmDisplay: local: yes Nov 1 09:44:01 localhost gdm: GdmDisplay: seat id: seat0 Nov 1 09:44:01 localhost gdm: GdmDisplay: initial: yes Nov 1 09:44:01 localhost gdm: GdmDisplayStore: Adding display /org/gnome/DisplayManager/Displays/19165744 to store Nov 1 09:44:01 localhost gdm: GdmDisplay: Managing display: /org/gnome/DisplayManager/Displays/19165744 Nov 1 09:44:01 localhost gdm: GdmDisplay: Preparing display: /org/gnome/DisplayManager/Displays/19165744 Nov 1 09:44:01 localhost dbus-daemon[585]: [system] Activating service name='org.freedesktop.Accounts' requested by ':1.5' (uid=0 pid=636 comm="/gnu/store/4jgjnzy36bpf8csnzafzd9sc44dwjvkl-gdm-3.") (using servicehelper)Nov 1 09:44:01 localhost gdm: GdmDisplay: Checking kernel command buffer BOOT_IMAGE=/gnu/store/grdqxrnj6lx4bgczhckbmx0p3fyc8d42-linux-5.3.8/bzImage --root=1f1bdd00-3aa2-476f-8b5d-4a8200737eb9 --system=/gnu/store/v0171qbxgnafq0zgw14ljc600d6b1l84-system --load=/gnu/store/v0171qbxgnafq0zgw14ljc600d6b1l84-system/boot quiet Nov 1 09:44:01 localhost gdm: GdmDisplay: Failed to read kernel commandline: Could not match gnome.initial-setup= in kernel cmdline Nov 1 09:44:01 localhost gdm: doing initial setup? no Nov 1 09:44:01 localhost gdm: GdmDisplay: prepare display Nov 1 09:44:01 localhost gdm: GdmDisplay: Got automatic login details for display: 1 ajgrf Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: trying to track new user with username ajgrf Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: finding user 'ajgrf' state 1 Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: waiting for user manager to load before finding user 'ajgrf' Nov 1 09:44:01 localhost gdm: GdmLocalDisplayFactory: display status changed: 1 Nov 1 09:44:01 localhost gdm: GdmLocalDisplayFactory: received VT change event Nov 1 09:44:01 localhost gdm: GdmLocalDisplayFactory: VT is tty1 at startup Nov 1 09:44:01 localhost gdm: AccountsService: Failed to identify the current session: No data available Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: seat unloaded, so trying to set loaded property Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: Seat wouldn't load, so giving up on it and setting loaded property Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: user manager now loaded, proceeding with fetch user request for user 'ajgrf' Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: finding user 'ajgrf' state 2 Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: Looking for user 'ajgrf' in accounts service Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: already loaded, so not setting loaded property Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: Found object path of user 'ajgrf': /org/freedesktop/Accounts/User1000 Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: finding user 'ajgrf' state 3 Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: user 'ajgrf' fetched Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: user ajgrf is now loaded Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: user ajgrf was not yet known, adding it Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: tracking user 'ajgrf' Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: not yet loaded, so not emitting user-added signal Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: no pending users, trying to set loaded property Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: already loaded, so not setting loaded property Nov 1 09:44:01 localhost gdm: GdmSession: Creating D-Bus server for worker for session Nov 1 09:44:01 localhost gdm: GdmSession: D-Bus server for workers listening on unix:abstract=/tmp/dbus-GXJUTiEa Nov 1 09:44:01 localhost gdm: GdmSession: Creating D-Bus server for greeters and such for session (null) (0x127f160) Nov 1 09:44:01 localhost gdm: GdmSession: D-Bus server for greeters listening on unix:abstract=/tmp/dbus-sgM0OF2T Nov 1 09:44:01 localhost gdm: GdmSession: Setting display device: (null) Nov 1 09:44:01 localhost gdm: GdmSession: Created user session for user 0 on display /org/gnome/DisplayManager/Displays/19165744 (seat seat0) Nov 1 09:44:01 localhost gdm: GdmManager: Starting automatic login conversation Nov 1 09:44:01 localhost gdm: GdmSession: starting conversation gdm-autologin for session (0x127f160) Nov 1 09:44:01 localhost gdm: GdmSessionWorkerJob: Starting worker... Nov 1 09:44:01 localhost gdm: GdmSessionWorkerJob: Running session_worker_job process: gdm-session-worker [pam/gdm-autologin] /gnu/store/4jgjnzy36bpf8csnzafzd9sc44dwjvkl-gdm-3.30.3/libexec/gdm-session-worker Nov 1 09:44:01 localhost gdm: GLib: posix_spawn avoided (fd close requested) (child_setup specified) Nov 1 09:44:01 localhost gdm: GdmSessionWorkerJob: : SessionWorkerJob on pid 843 Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: finished handling request for user 'ajgrf' Nov 1 09:44:01 localhost gdm: AccountsService: ActUserManager: unrefing manager owned by fetch user request
P
P
Pierre Neidhardt wrote on 3 Apr 20:26 +0200
control message for bug #40411
(address . control@debbugs.gnu.org)
87369ks9xc.fsf@ambrevar.xyz
merge 40411 35674quit
?