I am in the process of configuring a system wherein users' home directories are created via the session pam module pam_mkhomedir.so. However, the module pam_kwallet*.so creates the home directory before the common-session pam modules are activated. Having pam_kwallet*.so create the home directory results in the home directories having incorrect permissions and the default copy from /etc/skel/ being ignored. A better solution would be to have the pam_kwallet.so fail gracefully if the home directory does not exist yet. I am using SDDM as login/display manager (pam config in additional info). Reproducible: Always Steps to Reproduce: 1. Use sddm (or another display manager with PAM auth set up with pam_kwallet) to login when no homefolder for said user exists yet Actual Results: pam_kwallet*.so creates the home directory with default umask (distro dependend) and pretty empty considering it ignores /etc/skel/. Expected Results: pam_kwallet*.so fails gracefully letting the rest of the session stack handle the creation of the home directory. I am running the following related packages on kubuntu 16.04.03 SDDM package : 0.13.0-1ubuntu5 libpam-kwallet4: 4:5.5.5-0ubuntu1 libpam-kwallet5: 4:5.5.5-0ubuntu1 /etc/pam.d/sddm contains: #%PAM-1.0 # Block login if they are globally disabled auth requisite pam_nologin.so auth required pam_succeed_if.so user != root quiet_success # auth sufficient pam_succeed_if.so user ingroup nopasswdlogin @include common-auth # gnome_keyring breaks QProcess -auth optional pam_gnome_keyring.so -auth optional pam_kwallet.so -auth optional pam_kwallet5.so @include common-account # SELinux needs to be the first session rule. This ensures that any # lingering context has been cleared. Without this it is possible that a # module could execute code in the wrong domain. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close # Create a new session keyring. session optional pam_keyinit.so force revoke session required pam_limits.so session required pam_loginuid.so session required pam_systemd.so @include common-session # SELinux needs to intervene at login time to ensure that the process starts # in the proper default security context. Only sessions which are intended # to run in the user's context should be run after this. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -session optional pam_gnome_keyring.so auto_start -session optional pam_kwallet.so auto_start -session optional pam_kwallet5.so auto_start @include common-password # From the pam_env man page # Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack. # Load environment from /etc/environment session required pam_env.so # Load environment from /etc/default/locale session required pam_env.so envfile=/etc/default/locale in common-session pam_kwallet?.so should fail gracefully if the user home directory does not yet exist.
I forgot tho mention that removing libpam-kwallet4/5 resolves my problem and so does removing the following lines from the /etc/pam.d/sddm configuration: -auth optional pam_kwallet.so -auth optional pam_kwallet5.so
Related: https://bugs.mageia.org/show_bug.cgi?id=16143 S
Thank you for reporting this bug in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version? If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!