lightdm 1.0 fails to start with pam_authenticate errorr

Reported by Yves-Alexis Perez on 2011-09-30
42
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Light Display Manager
High
Unassigned

Bug Description

Hey,

it seems that there's a huge issue in lightdm 1.0. It basicaly fails to start with a pam_authenticate error:

[+0.34s] DEBUG: pam_start("lightdm-autologin", "lightdm") -> (0xb16610, 0)
[+0.34s] DEBUG: Starting session lightdm-gtk-greeter as user lightdm logging to /var/log/lightdm/x-0-greeter.log
[+0.34s] DEBUG: Greeter user got prompt, aborting authentication
[+0.34s] DEBUG: pam_authenticate(0xb16610, 0) -> 7 (Authentication failure)
[+0.34s] DEBUG: Greeter user failed authentication

Yves-Alexis Perez (corsac) wrote :
Yves-Alexis Perez (corsac) wrote :

At first sight I'd guess this is related to http://bazaar.launchpad.net/~lightdm-team/lightdm/1.0/revision/1211 but I fail to see exactly the issue, the diff is too large.

Hwoarang (hwoarang) wrote :

Yes same problem for the Gentoo package. autologin is not enabled in lightdm.conf ( all the autologin-* statements are commented out and still the lightdm.log reports autologin failures like those posted in comment #1

dhave (chaslaw) wrote :

I'm having this, too. I run Archlinux.

Paul Parsons (lost-distance) wrote :

I have the same problem.

Possibly related to /etc/pam.d/lightdm-autologin being used instead of /etc/pam.d/lightdm (as in 0.9.8), since if I copy the latter to the former the error message changes from "Authentication failure" to "Conversation error":

[+3.82s] DEBUG: pam_start("lightdm-autologin", "lightdm") -> (0x66b9f0, 0)
[+3.82s] DEBUG: Starting session lightdm-gtk-greeter as user lightdm logging to /var/log/lightdm/x-0-greeter.log
[+3.84s] DEBUG: Greeter user got prompt, aborting authentication
[+3.84s] DEBUG: pam_authenticate(0x66b9f0, 0) -> 19 (Conversation error)
[+3.84s] DEBUG: Greeter user failed authentication

I had originally created /etc/pam.d/lightdm by simply copying /etc/pam.d/wdm, and never needed the lightdm-autologin file until now. It might be useful if the tarball included sample PAM files, or at least documented them.

Downgrading to 0.9.7 on Debian fixes the problem. Even though there is no /etc/pam.d/lightdm-autologin.

Mikhail Kshevetskiy (laska) wrote :

I fix the problem by copying file "/etc/pam.d/gdm3-autologin" from "gdm3"
package to "/etc/pam.d/lightdm-autologin", so I have 2 PAM files

/etc/pam.d/lightdm
/etc/pam.d/lightdm-autologin

similarly to gdm3 package

Balwinder S Dheeman (bdheeman) wrote :

I attempted to try the above said fix from 'laska', but it does no work for me on Debian wheezy/testing the lightdm or greeter hangs forever, until I stop lightdm service from a vt.

Version 0.9.8 is working fine, though the I had use an old greeters/gtk/greeter.ui from 0.9.7

Lionel Le Folgoc (mrpouit) wrote :

Yeah, adding this light-autologin pam service file lets lightdm work back here too… I gave a quick look at the code to try to find the cause of this failure, and here's what I got:

LightDM 0.9.7, in src/display.c, display_init() sets:
  display->priv->pam_service = g_strdup ("lightdm");
and the greeter session started in start_greeter_session() uses the following call:
  authentication = pam_session_new (display->priv->pam_service, user_get_name (user), display->priv->xdisplay);

This was changed in the commit linked above by Yves-Alexis, to:
  authentication = pam_session_new (display->priv->pam_autologin_service, user_get_name (user));
with the autologin service being set in display_init() to:
  display->priv->pam_autologin_service = g_strdup ("lightdm-autologin");

pam_session_new calls pam_start(), with the first argument being the service (here, with "lightdm-autologin" it expects /etc/pam.d/lightdm-autologin which doesn't exist)…

I agree with comment #5, it would be great to have the necessary files needed to make lightdm work included by default (or at least sample files), instead of having to look at the ubuntu packaging for that…

Yves-Alexis Perez (corsac) wrote :

And forcing autologin to be enabled (or at least to ship an autologin pam file) doesn't look nice either.

Yves-Alexis Perez (corsac) wrote :

Ping?

Mikhail Kshevetskiy (laska) wrote :

Hi, looking for Rick Battle comment in discussion of debian bug #643844
i can summarize:

to avoid bug you'll need
1) two PAM files:
    /etc/pam.d/lightdm
   /etc/pam.d/lightdm-autologin (copy of "/etc/pam.d/gdm3-autologin" from gdm3 package )
2) "accountsservice" package to be installed

Yves-Alexis Perez (corsac) wrote :

Those are not fixes, they are workaround, at much.

Blindly changing the PAM configuration without explanation is not acceptable. And adding a hard dep on accountsservice while it was criticized on the mailing list looks like a bug too.

Robert Ancell (robert-ancell) wrote :

There's no hard dependency on AccountsService. There should be both a lightdm and lightdm-autologin pam service installed. I didn't have one in the release previously as this is very distribution specific and I didn't understand PAM well enough at the time. We should have example PAM files, and I'll add some example ones in.

Yves-Alexis Perez (corsac) wrote :

Thanks, that'd be helpful.

On Debian packages I still didn't enable the autologin service (since I didn't yet have time to investigate how exactly does it work and what is needed precisely). If the lightdm-autologin pam config file is still needed even though autologin is not used, is “autologin” a correct name? What exactly are their respective purposes?

Paul Parsons (lost-distance) wrote :

I use Gentoo Linux and so copied its gdm-autologin file to /etc/pam.d/lightdm-autologin to see if it fixed the problem.

lightdm-1.0.0 allowed me to login via the GTK greeter once. After exiting the window manager (openbox) the GTK greeter did not re-appear and I had to ctrl-alt-del to reboot the machine. I don't know whether this is a new bug or whether it is related to the autologin file. Reverting to 0.9.8 fixed everything.

Gentoo users can find its gdm-autologin file here:
http://distfiles.gentoo.org/distfiles/gdm-2.20.9-gentoo-files-r1.tar.bz2
(or alternatively fetch the gnome-base/gdm files via portage)

Yves-Alexis Perez (corsac) wrote :

Still present in 1.0.1

Changed in lightdm:
importance: Undecided → High
status: New → Triaged
Robert Ancell (robert-ancell) wrote :

The greeter was using the autologin keyring as I though that was stopping the greeters being correctly authorised. I've confirmed it localizes without this, so I have reverted this change for 1.0.2

Changed in lightdm:
status: Triaged → Fix Committed
Changed in lightdm:
status: Fix Committed → Fix Released
Yves-Alexis Perez (corsac) wrote :

Yup, seems to work fine in 1.0.2 even without autologin pam file.

Doc (cufalo) wrote :

Bug fixed in Debian Sid with last upgrade, but the bug reported in comment #16 still remains.

If you agree, we might as well open a new bug report.

Tommy_CZ (t-kijas) wrote :

I am experiencing this too, lightdm 1.2.3-0ubuntu2.2 in Ubuntu 12.04.2 64bit ends with disabled screen.
When I boot without "quick and splash" options I can boot into tty1 and enable gdm without problems.
Lightdm although cannot still be enabled.
It is one day fresh installation of ubuntu, up-to-date.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments