On 21.09.23 at 12:02, Petter Reinholdtsen wrote:
> [Guido Berhoerster]
>> When logging in with LightDM the first login always fails due to a
>> discrepancy between the home directory obtained from LDAP via
>> getpwent() and the newly created home directory. Specifically, the
>> LightDM daemon communicates the absolute path of the Xauthority file to
>> the session child process and sets the HOME environment variable to the
>> value obtained via getpwent() and uses that value to change the working
>> directory, all resulting in fatal errors.
> 
> There used to be code in libpam-mklocaluser to throw the user out after
> the home directory is created, to ensure that the user is not logged in
> with the wrong $HOME set.  Is this not happening with LightDM?  Because
> $HOME changes after some processes read it, it is not possible to both
> create the local home directory and continue with the login.
> 
> Or are you talking about being thrown out by libpam-mklocaluser when
> logging in for the first time?  This is by design and intended due to
> the protocol provided by PAM.


No, I'm not talking about either. libpam-mklocaluser does not
intentionally fail the first login, rather in case of LightDM there is a
cascade of errors due to its assumption that the home directory stays
the same when the PAM session is opened as well as the daemon hardcoding
the Xauthority file path to <passwd->pw_dir>/.Xauthority and passing that
to the session child.  Both can be fixed and I have a patch for LightDM.

That leaves the systemd user instance and services started by it (e.g.
DBus, pipewire, gnome-keyring on MATE). That can be fixed by giving the
libpam-mklocaluser PAM config a higher priority than everything else so
that getpwent() and $HOME from PAM point to the correct directory.

At least with LightDM and MATE I have a working first login where all
processes have the correct HOME.

-- 
Guido Berhoerster
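
Added example, not part of the original message and not code from LightDM or libpam-mklocaluser: a small C diagnostic to run inside a session, comparing the home directory from the passwd database with $HOME and with an $XAUTHORITY of the form <dir>/.Xauthority, the values the message describes as diverging on first login. The function name, flag names and exit codes are assumptions made for this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum { HOME_UNSET = 1, HOME_MISMATCH = 2, XAUTH_STALE = 4 };

/* Length of the first n bytes of p with trailing slashes ignored. */
static size_t trim(const char *p, size_t n) {
    while (n > 1 && p[n - 1] == '/') n--;
    return n;
}

/* Compare directory a (first la bytes) with b, ignoring trailing slashes. */
static int same_dir(const char *a, size_t la, const char *b) {
    size_t lb = trim(b, strlen(b));
    la = trim(a, la);
    return la == lb && memcmp(a, b, la) == 0;
}

/* pw_dir: home from the passwd database; env_home: $HOME (may be NULL);
 * xauth: $XAUTHORITY (may be NULL). Returns a bitmask of the flags above. */
int check_home(const char *pw_dir, const char *env_home, const char *xauth) {
    int flags = 0;
    if (!env_home || !*env_home)
        flags |= HOME_UNSET;
    else if (!same_dir(env_home, strlen(env_home), pw_dir))
        flags |= HOME_MISMATCH;
    /* Only a path of the form <dir>/.Xauthority is judged; an authority
     * file kept elsewhere under another name is not derived from pw_dir. */
    const char *slash = xauth ? strrchr(xauth, '/') : NULL;
    if (slash && strcmp(slash + 1, ".Xauthority") == 0) {
        size_t dl = slash == xauth ? 1 : (size_t)(slash - xauth);
        if (!same_dir(xauth, dl, pw_dir))
            flags |= XAUTH_STALE;
    }
    return flags;
}

int main(void) {
    struct passwd *pw = getpwuid(getuid());
    if (!pw) { perror("getpwuid"); return 2; }
    int f = check_home(pw->pw_dir, getenv("HOME"), getenv("XAUTHORITY"));
    printf("pw_dir=%s flags=%d\n", pw->pw_dir, f);
    return f ? 1 : 0;
}
```
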
