Public bug reported:
ii lightdm 1.18.3-0ubuntu amd64 Display Manager
VERSION="16.04.6 LTS (Xenial Xerus)"
Running with XFCE installed, I see the following in /var/log/auth.log:
May 21 15:52:09 lightdm: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or
directory
May 21 15:52:09 lightdm: PAM adding faulty module: pam_kwallet.so
May 21 15:52:09 lightdm: PAM unable to dlopen(pam_kwallet5.so):
/lib/security/pam_kwallet5.so: cannot open shared object file: No such file or
directory
May 21 15:52:09 lightdm: PAM adding faulty module: pam_kwallet5.so
These can be avoided by prefixing the optional components in
/etc/pam.d/lightdm (and lightdm-greeter) by a "-" as follows:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
-auth optional pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so close
#session required pam_loginuid.so
session required pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so open
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet.so auto_start
-session optional pam_kwallet5.so auto_start
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1
envfile=/etc/default/locale
@include common-password
>From man pam.conf:
If the type value from the list above is prepended with a - character
the PAM library will not log to the system log if it is not possible to
load the module because it is missing in the system. This can be useful
especially for modules which are not always installed on the system and
are not required for correct authentication and authorization of the
login session.
Also, isn't it required to have:
-auth optional pam_kwallet.so
for pam_kallet to work, as it needs access to the password?
** Affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1830079
Title:
PAM errors logged when pam_kwallet is not installed
Status in lightdm package in Ubuntu:
New
Bug description:
ii lightdm 1.18.3-0ubuntu amd64 Display Manager
VERSION="16.04.6 LTS (Xenial Xerus)"
Running with XFCE installed, I see the following in /var/log/auth.log:
May 21 15:52:09 lightdm: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or
directory
May 21 15:52:09 lightdm: PAM adding faulty module: pam_kwallet.so
May 21 15:52:09 lightdm: PAM unable to dlopen(pam_kwallet5.so):
/lib/security/pam_kwallet5.so: cannot open shared object file: No such file or
directory
May 21 15:52:09 lightdm: PAM adding faulty module: pam_kwallet5.so
These can be avoided by prefixing the optional components in
/etc/pam.d/lightdm (and lightdm-greeter) by a "-" as follows:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
-auth optional pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so close
#session required pam_loginuid.so
session required pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad]
pam_selinux.so open
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet.so auto_start
-session optional pam_kwallet5.so auto_start
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1
envfile=/etc/default/locale
@include common-password
From man pam.conf:
If the type value from the list above is prepended with a - character
the PAM library will not log to the system log if it is not possible
to load the module because it is missing in the system. This can be
useful especially for modules which are not always installed on the
system and are not required for correct authentication and
authorization of the login session.
Also, isn't it required to have:
-auth optional pam_kwallet.so
for pam_kallet to work, as it needs access to the password?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1830079/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
