[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
The correct way to fix this issue is not to comment out the lines mentioning kwallet, but to make the modules silent by prepending a '-' (dash) to each line. Example: # /etc/pam.d/lightdm -authoptionalpam_kwallet.so -authoptionalpam_kwallet5.so -session optionalpam_kwallet.so auto_start -session optionalpam_kwallet5.so auto_start Same in /etc/pam.d/lightdm-greeter. This feature is mentioned in the pam.conf(5) manpage: If the type value from the list above is prepended with a - character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
I can confirm the problem with `journalctl`: Jan 03 01:05:13 tron lightdm[12730]: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or dire Jan 03 01:05:13 tron lightdm[12730]: PAM adding faulty module: pam_kwallet.so Jan 03 01:05:13 tron lightdm[12730]: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or di Jan 03 01:05:13 tron lightdm[12730]: PAM adding faulty module: pam_kwallet5.so Jan 03 01:05:14 tron lightdm[12841]: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or dire Jan 03 01:05:14 tron lightdm[12841]: PAM adding faulty module: pam_kwallet.so Jan 03 01:05:14 tron lightdm[12841]: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or di Jan 03 01:05:14 tron lightdm[12841]: PAM adding faulty module: pam_kwallet5.so The lines were created during logins, i.e. initial logins or after locking the screen (xflock4) and unlocking it again. The workaround I used was to change /etc/pam.d/lightdm and /etc/pam.d /lightdm-greeter and comment out (#) the following lines (in both files): #authoptionalpam_kwallet.so #authoptionalpam_kwallet5.so ... #session optionalpam_kwallet.so auto_start #session optionalpam_kwallet5.so auto_start So far the systemd log is clear of those loglines. A different workaround would be to simply install the KDE component. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
#19 works for me except there are two extra lines and another identical file to change: #authoptionalpam_kwallet.so #authoptionalpam_kwallet5.so #session optionalpam_kwallet.so auto_start #session optionalpam_kwallet5.so auto_start ...are the four lines to comment out. /etc/pam.d/lightdm /etc/pam.d/lightdm-greeter ...are the two files to modify. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
I think an *error* message in the logs for a condition that isn't actually an error (not having kwallet installed in this case), is indeed a bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
Same issue . With LDAP. The pam_wallet error is what shows up in the auth.log - but it is the failure of Lightdm to work that triggers it . Lightdm fails - but if I go to term and do getent or id user it works . If I wait , it works. If the box goes to hibernate , it fails the first time (incorrect LDAP password - which it isn't) and works the second time. It is like lightdm has a second /useless hibernation screen login . If I modify lightdm - I get different failures . My logs and configs and results are the same as all the "lightdm fails" bugs out there . -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
I have seen the same thing in 15.04.Looking further, I see that the entire /lib/security directory is missing. So I'm a little curious as to what else is gone. Funny thing is that it was working. I don't know what precipitated the problem. j. rose filed this bug as https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1511824. Thank you, j. rose. Jeff Silverman -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
j. rose, please file a new bug for your issue; this bug is about the kwallet warning messages which are confusing but otherwise harmless. Your situation sounds very different. To file the bug, please run: apport-bug lightdm Feel free to copy-and-paste the description, it's a great start. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
Six month later I have the same issue. I can't login as ordinary user rose with lightdm. It is an Ubuntu 15.04 for armv7l . At the beginning I saw the issues with kwallet, which is not installed. I commented out the corresponding lines in. I have now: root@odroid6:~# cat /etc/pam.d/lightdm #%PAM-1.0 authrequisite pam_nologin.so authsufficient pam_succeed_if.so user ingroup nopasswdlogin @include common-auth authoptionalpam_gnome_keyring.so #authoptionalpam_kwallet.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session requiredpam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optionalpam_gnome_keyring.so auto_start #session optionalpam_kwallet.so auto_start session requiredpam_env.so readenv=1 session requiredpam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale @include common-password and root@odroid6:~# cat /etc/pam.d/lightdm-greeter #%PAM-1.0 authrequiredpam_permit.so authoptionalpam_gnome_keyring.so #authoptionalpam_kwallet.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session requiredpam_limits.so @include common-session session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optionalpam_gnome_keyring.so auto_start #session optionalpam_kwallet.so auto_start session requiredpam_env.so readenv=1 session requiredpam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale It seems that my password is accepted (login via ssh works perfectly), but with lightdm I get only a black screen with mouse cursor. Login as user odroid which is in group nopasswdlogin with lightdm works too. After trying to login as user rose, I have to login with ssh and kill all processes owned by rose. At the end of /var/log/auth.log I see: Oct 28 19:34:17 odroid6 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "rose" Oct 28 19:34:26 odroid6 lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm Oct 28 19:34:26 odroid6 lightdm: pam_unix(lightdm:session): session opened for user rose by (uid=0) Oct 28 19:34:26 odroid6 systemd-logind[651]: New session c8 of user rose. Oct 28 19:34:26 odroid6 systemd: pam_unix(systemd-user:session): session opened for user rose by (uid=0) Oct 28 19:35:10 odroid6 systemd-logind[651]: Removed session c6. Oct 28 19:35:10 odroid6 systemd: pam_unix(systemd-user:session): session closed for user lightdm -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
Apologist Alexis Wilke says So this is not a bug.. Hogwash, say I. Read that what you're writing yourself with care, dear Alexis. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
There is information about KWallet. https://wiki.archlinux.org/index.php/KDE_Wallet It is marked as optional because it is allowed to fail as it does when you are running with Gnome (unity uses Gnome by default). So this is not a bug. You make comment out the lines as shown in #19 but you may regret it if you switch to KUbuntu one day... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
A workaround is to comment the following lines: #authoptionalpam_kwallet.so #session optionalpam_kwallet.so auto_start in /etc/pam.d/lightdm file -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
** Summary changed: - lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so + Running without pam-kwallet installed issues a warning in auth.log ** Also affects: pam (Ubuntu) Importance: Undecided Status: New ** Changed in: lightdm (Ubuntu) Importance: Undecided = Low ** Changed in: lightdm (Ubuntu) Status: Confirmed = Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309535] Re: Running without pam-kwallet installed issues a warning in auth.log
This is due to us adding pam_kwallet to the configuration so that KDE could work correctly with LightDM (bug bug 1305307). The warning occurs in Ubuntu because you don't have pam-kwallet installed and PAM warns if a module is not found (even if it is marked optional as in this case). KDE users will have a similar warning about pam_gnome_keyring being missing. The only solutions I can think of are: - Force users to install both libpam-gnome-keyring and pam-kwallet (seems excessive) - Modify PAM not to report the error (but I don't think PAM can really tell if we expected the module to not exist). - Use different PAM configuration for kubuntu/ubuntu (but then you can't log into both from the same install). - ... Give the warning is harmless I'm not proposing taking any action. ** Changed in: pam (Ubuntu) Importance: Undecided = Low ** Changed in: lightdm (Ubuntu) Status: Triaged = Won't Fix ** Changed in: pam (Ubuntu) Status: New = Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309535 Title: Running without pam-kwallet installed issues a warning in auth.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1309535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
