From: Timothy Sample
To: 35674@debbugs.gnu.org
Cc: Ricardo Wurmus, Alex Griffin
Subject: Re: bug#35674: GDM auto-login doesn't work
Date: Mon, 13 May 2019 10:24:58 -0400

Hello,

Ricardo Wurmus writes:

> Hi Alex,
>
>> After configuring Guix to enable GDM auto-login, I am still presented
>> with a password prompt upon booting my machine. I'm not sure whether
>> it's a bug in Guix or something I'm doing wrong, so I've attached the
>> configuration I'm using just in case.
>
> I have observed the same problem. It’s not something you’re doing wrong.

I noticed recently that GDM stopped reading its configuration file. I pushed a430a3501a6d3a565cb78e04a8dbb3ab846ec5fc, which fixes that problem, but unfortunately does not fix auto-login.

If I turn on debugging output, I can see that the issue has to do with the way PAM is configured. Digging a little deeper, I found that our auto-login PAM service is

    auth [success=ok default=1] pam_gdm.so
    auth sufficient pam_permit.so

What this means is that if “pam_gdm.so” is not successful, the “pam_permit.so” line will be skipped, and auto-login will not work.
The “pam_gdm.so” module does some sort of cached password lookup using the “keyutils” library (presumably for an encrypted home directory). Our build of GDM does not support this (we don’t include “keyutils” in its inputs), so the module never succeeds. As a result, auto-login fails.

It looks like this particular way of doing things was cribbed from Red Hat, where the module that gets skipped by “default=1” is “pam_gnome_keyring.so” (and not “pam_permit.so”). Other distros simply mark it as optional.

I suggest we either omit the first rule, since it will never do anything anyway, or follow other distros and change its control field to “optional”.

My experience with PAM is limited, so I would appreciate a second opinion before committing anything.

-- Tim
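
Added example (not part of the original message, and not Guix or Linux-PAM code): a simplified Python model of how Linux-PAM walks an auth stack, run over the two-line service quoted in the message and the two proposed fixes. The function names, the "auth_err" return value and the reduced action set (ok, done, ignore, bad, jumps) are assumptions made for illustration.

```python
# Simplified model of one Linux-PAM stack walk (ok, done, ignore, bad, jumps).
KEYWORDS = {  # keyword controls written out in their bracket form
    "required": {"success": "ok", "default": "bad"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional": {"success": "ok", "default": "ignore"},
}

def parse_stack(text):
    """Turn 'type control module' lines into (actions, module) pairs."""
    stack = []
    for line in text.strip().splitlines():
        _type, rest = line.split(None, 1)
        if rest.startswith("["):
            spec, module = rest[1:].split("]", 1)
            actions = dict(item.split("=") for item in spec.split())
        else:
            keyword, module = rest.split(None, 1)
            actions = KEYWORDS[keyword]
        stack.append((actions, module.split()[0]))
    return stack

def stack_succeeds(text, results):
    """results maps module name -> return value, e.g. 'success'."""
    stack, i = parse_stack(text), 0
    impression, status = None, "perm_denied"  # nothing decided: fail closed
    while i < len(stack):
        actions, module = stack[i]
        ret = results[module]
        # Return values not listed fall to 'default'; no default means 'bad'.
        action = actions.get(ret, actions.get("default", "bad"))
        i += 1
        if action.isdigit():  # jump: skip the next N modules
            i += int(action)
            if i > len(stack):  # jumped past the end of the stack
                return False
        elif action in ("ok", "done"):
            if impression is None or (impression == "+" and status == "success"):
                impression, status = "+", ret
            if impression == "+" and action == "done":
                break
        elif action == "bad":
            if impression != "-":
                impression, status = "-", ret
    return status == "success"

# Constructed inputs: the stack quoted above and the two proposed variants.
CURRENT = "auth [success=ok default=1] pam_gdm.so\nauth sufficient pam_permit.so"
OMITTED = "auth sufficient pam_permit.so"
OPTIONAL = "auth optional pam_gdm.so\nauth sufficient pam_permit.so"
# 'auth_err' is a stand-in for whatever non-success value pam_gdm.so returns.
GDM_FAILS = {"pam_gdm.so": "auth_err", "pam_permit.so": "success"}
```

With pam_gdm.so failing, the current stack jumps over pam_permit.so and ends with no module having granted access, so it fails closed; both proposed variants reach pam_permit.so and succeed.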