Created attachment 113617 [details] /etc/pam.d/sddm on k/ubuntu 18.04 Hi folks, I'm running k/ubuntu 18.04, and using pam to do ldap authenticated logins. As part of this process, for each user I need to create my default environment from /etc/skel/ What Happened: When I login, the home dir is created without the contents of /etc/skel What I expect to Happen: When I login, the home dir is created *with* the contents of /etc/skel How to recreate the problem: 1. Enable the pam_mkhomedir.so according to your platform requirements - on ubuntu, I use a config in /usr/share/pam-configs/ and run sudo pam-auth-update to apply it to the various /etc/pam.d/common-* files 2. Login to an account that doesn't have any home dir created yet 3. Verify that files from /etc/skel/ have not been copied (.bashrc is a really obvious one) Extra Investigation Notes: * This came about because sddm pulls in an /etc/pam.d/sddm config (attached), which has a couple of pam_kwallet*.so entries. * This bug report against sddm suggested a workaround which involved removing all the pam_kwallet*.so entries and adding the pam_mkhomedir entry manually (I verified this works): https://github.com/sddm/sddm/issues/769 * in order to verify separation from sddm, I load the pam_kwallet5.so in common-[auth,session] instead of the sddm config. I use a different display manager (gdm3) and pam_mkhomedir.so fails to run. If I disable the kwallet entries and login using gdm3, pam_mkhomedir.so runs (in gdm3 it gives you a status message).
*** This bug has been marked as a duplicate of bug 392913 ***
(In reply to Kai Uwe Broulik from comment #1) > > *** This bug has been marked as a duplicate of bug 392913 *** This has nothing to do with the duplicate you've marked
This should be fixed in pam_kwallet 5.13.0 - not sure why it wasn't added to Plasma/5.12. Can you build pam_kwallet with https://cgit.kde.org/kwallet-pam.git/commit/?id=06760eed821f5383d03dc83a9a077a377ba39541 to confirm that it's fixed or try pam_kwallet 5.13.x? Should be relatively easy, pam_kwallet has no dependencies on other parts of Plasma.
(In reply to Fabian Vogt from comment #3) > This should be fixed in pam_kwallet 5.13.0 - not sure why it wasn't added to > Plasma/5.12. > > Can you build pam_kwallet with > https://cgit.kde.org/kwallet-pam.git/commit/ > ?id=06760eed821f5383d03dc83a9a077a377ba39541 to confirm that it's fixed or > try pam_kwallet 5.13.x? Should be relatively easy, pam_kwallet has no > dependencies on other parts of Plasma. Hi Fabian, Thanks for this tidbit - I did give it a test last week with this patch, and it has resolved the issue. My apologies for the slow reply!
It's not fixed - that commit is not in 5.12.x. @aacid: Any reason in particular it was only submitted for 5.13?
(In reply to Fabian Vogt from comment #5) > It's not fixed - that commit is not in 5.12.x. > > @aacid: Any reason in particular it was only submitted for 5.13? I guess i found it to be corner case-y and not warranted a backport since there's always the risk/benefit calculation you have to do when backporting something to a LTS branch. I've no idea how common this scenario and how "live-tested" we can say my new code is to say "yes it doesn't seem to cause regressions let's bring it to 5.12 since it's an important fix" I guess that'd would be more a question for the Plasma maintainers than for me, I really don't follow the Plasma development much and don't know what are the guidelines for backporting patches.
(In reply to Albert Astals Cid from comment #6) > (In reply to Fabian Vogt from comment #5) > > It's not fixed - that commit is not in 5.12.x. > > > > @aacid: Any reason in particular it was only submitted for 5.13? > > I guess i found it to be corner case-y and not warranted a backport since > there's always the risk/benefit calculation you have to do when backporting > something to a LTS branch. > > I've no idea how common this scenario and how "live-tested" we can say my > new code is to say "yes it doesn't seem to cause regressions let's bring it > to 5.12 since it's an important fix" * sddm is shipping with a default config which uses pam_kwallet*.so * I expect most enterprise deployments will use the libpam_mkhomedir.so module ie Most enterprise deployments shipping vanilla-ish KDE which, from my perspective of course, isn't really a corner case :P
I understand your use case seems common to you, because it's your use case to you it happens 100% of the time, but no one reported this before. That's why I am asking someone from the Plasma side to answer whether we want to backport this fixes or not. Pretty please?
(In reply to Albert Astals Cid from comment #8) > I understand your use case seems common to you, because it's your use case > to you it happens 100% of the time, but no one reported this before. I fully understand, I was being funny (at least, attempting to be) :P > That's why I am asking someone from the Plasma side to answer whether we > want to backport this fixes or not. Pretty please? Just to confirm, are you asking me to ask the question to the plasma maintainers? Or have you asked the question to the maintainers already? Or are you asking if someone else knows how to ask the plasma maintainers?
> That's why I am asking someone from the Plasma side to answer whether we want to backport this fixes or not. Pretty please? yes please.
(In reply to David Edmundson from comment #10) > > That's why I am asking someone from the Plasma side to answer whether we want to backport this fixes or not. Pretty please? > > yes please. Thanks for confirmation :) I'm away from a computer until next week and then i have to take care of KDE Applications 18.08 branching, but it is my understanding that next Plasma 5.12 release is not until september so i should be on time for that :)
Pushed to Plasma 5.12 branch https://cgit.kde.org/kwallet-pam.git/commit/?h=Plasma/5.12&id=3dc73747c16f7d732e1d47a634c9e1875c3f4bfe
Thanks all :)