| 1 |
On Feb 5, 2014 6:23 PM, "walt" <w41ter@×××××.com> wrote: |
| 2 |
[ snip ] |
| 3 |
> I am seat0 (I forgot about loginctl, thanks) but I'm not sure what you |
| 4 |
> mean by "enabled in /etc/pam.d". Many months ago I remember being |
| 5 |
confused |
| 6 |
> by the last line of system-auth: |
| 7 |
> |
| 8 |
> #cat /etc/pam.d/system-auth |
| 9 |
> auth required pam_env.so |
| 10 |
> auth sufficient pam_ssh.so |
| 11 |
> auth required pam_unix.so try_first_pass likeauth nullok |
| 12 |
> auth optional pam_permit.so |
| 13 |
> |
| 14 |
> account required pam_unix.so |
| 15 |
> account optional pam_permit.so |
| 16 |
> |
| 17 |
> password required pam_cracklib.so difok=2 minlen=8 |
| 18 |
dcredit=2 ocredit=2 retry=3 |
| 19 |
> password required pam_unix.so try_first_pass use_authtok |
| 20 |
nullok sha512 shadow |
| 21 |
> password optional pam_permit.so |
| 22 |
> |
| 23 |
> session optional pam_ssh.so |
| 24 |
> session required pam_limits.so |
| 25 |
> session required pam_env.so |
| 26 |
> session required pam_unix.so |
| 27 |
> session optional pam_permit.so |
| 28 |
> -session optional pam_systemd.so |
| 29 |
> |
| 30 |
> I don't understand the meaning of the '-' in the last line. I didn't |
| 31 |
> put it there, except possibly by accident when falling asleep at the |
| 32 |
> keyboard :) |
| 33 |
|
| 34 |
The - is to make it optional; if the pam_systemd.so module is not |
| 35 |
available, the - makes it so it is not a failure. |
| 36 |
|
| 37 |
I'm more concerned about you being seat0, and you being asked for a |
| 38 |
password. In theory that's what logind solves, and in a much more cleaner, |
| 39 |
race-free and deterministic way than ConsoleKit. |
| 40 |
|
| 41 |
Do you have systemd with the policykit USE flag? And polkit with the |
| 42 |
systemd USE flag? (I suppose the later must have it). |
| 43 |
|
| 44 |
If you do, can you please show us the output (make sure to do this inside |
| 45 |
your DE session) from: |
| 46 |
|
| 47 |
• loginctl seat-status |
| 48 |
|
| 49 |
For example, mine shows: |
| 50 |
|
| 51 |
seat0 |
| 52 |
Sessions: *1 |
| 53 |
Devices: |
| 54 |
├─/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input5 |
| 55 |
│ input:input5 "Power Button" |
| 56 |
|
| 57 |
├─/sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/LNXVIDEO:01/input/input14 |
| 58 |
│ input:input14 "Video Bus" |
| 59 |
|
| 60 |
├─/sys/devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input3 |
| 61 |
│ input:input3 "Power Button" |
| 62 |
|
| 63 |
├─/sys/devices/LNXSYSTM:00/device:00/PNP0C0D:00/input/input4 |
| 64 |
│ input:input4 "Lid Switch" |
| 65 |
├─/sys/devices/pci0000:00/0000:00:02.0/drm/card0 |
| 66 |
│ drm:card0 |
| 67 |
├─/sys/devices/pci0000:00/0000:00:02.0/graphics/fb0 |
| 68 |
│ [MASTER] graphics:fb0 "inteldrmfb" |
| 69 |
etc. |
| 70 |
|
| 71 |
As you can see, the seat0 owns the Power Button, the Video Bus, the Lid |
| 72 |
Switch, etc. If you own them, then you don't need authentication to use |
| 73 |
them. |
| 74 |
|
| 75 |
Regards. |
| 76 |
-- |
| 77 |
Canek Peláez Valdés |
| 78 |
Posgrado en Ciencia en Ingeniería de la Computación |
| 79 |
Universidad Nacional Autónoma de México |
Archives