Bug ID: 371067
           Summary: erroneously creates home directories
           Product: kwallet-pam
           Version: 5.5.5
          Platform: Kubuntu Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general

I am in the process of configuring a system wherein users' home directories are
created via the session pam module However, the module
pam_kwallet*.so creates the home directory before the common-session pam
modules are activated. 

Having pam_kwallet*.so create the home directory results in the home
directories having incorrect permissions and the default copy from /etc/skel/
being ignored. A better solution would be to have the fail
gracefully if the home directory does not exist yet.
I am using SDDM as login/display manager (pam config in additional info). 

Reproducible: Always

Steps to Reproduce:
1. Use sddm (or another display manager with PAM auth set up with pam_kwallet)
to login when no homefolder for said user exists yet

Actual Results:  
pam_kwallet*.so creates the home directory with default umask (distro
dependend) and pretty empty considering it ignores /etc/skel/.

Expected Results:  
pam_kwallet*.so fails gracefully letting the rest of the session stack handle
the creation of the home directory.

I am running the following related packages on kubuntu 16.04.03

SDDM package : 0.13.0-1ubuntu5
libpam-kwallet4: 4:5.5.5-0ubuntu1
libpam-kwallet5: 4:5.5.5-0ubuntu1

/etc/pam.d/sddm contains:


# Block login if they are globally disabled
auth    requisite
auth    required user != root quiet_success

# auth    sufficient user ingroup nopasswdlogin
@include common-auth
# gnome_keyring breaks QProcess
-auth   optional
-auth   optional
-auth   optional

@include common-account

# SELinux needs to be the first session rule.  This ensures that any
# lingering context has been cleared.  Without this it is possible that a
# module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] close
# Create a new session keyring.
session optional force revoke
session required
session required
session required
@include common-session
# SELinux needs to intervene at login time to ensure that the process starts
# in the proper default security context.  Only sessions which are intended
# to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] open
-session optional auto_start
-session optional auto_start
-session optional auto_start

@include common-password

# From the pam_env man page
# Since setting of PAM environment variables can have side effects to other
modules, this module should be the last one on the stack.

# Load environment from /etc/environment
session required

# Load environment from /etc/default/locale
session required envfile=/etc/default/locale

 in common-session pam_kwallet?.so should fail gracefully if the user home
directory does not yet exist.

You are receiving this mail because:
You are watching all bug changes.

Reply via email to