Elogind v239.1 Devuan/Debian combined source

Mark Hindley mark at hindley.org.uk
Tue Nov 13 19:23:54 GMT 2018


On Tue, Nov 13, 2018 at 08:01:32PM +0100, Andreas Messer wrote:
> >  ln -s /lib/DEB_HOST_MULTIARCH/security/pam_elogind.so /lib/DEB_HOST_MULTIARCH/security/pam_systemd.so
> 
> Ah, sorry. So probably you did not enable pam_elogind module? You should
> not link like that. Modules should be loaded by PAM as defined
> per config /etc/pam.

AFAICS, it is enabled and appears in the automatic section of common-session.

However, various /etc/pam.d files (runuer-1 and lightdm-greeter on my basic
install) still reference pam_systemd.so directly or depend libpam-systemd. I
suspect some of them have pam_systemd.so compiled into them.

I fully realise this is a kludge, and we will need to fix the packages that use
pam_systemd directly but the only other option is to recompile everything
against libelogind. Devuan has done that and it is fabulous. But that won't work
for Debian.

> The problem here is, that only one of pam_systemd or pam_elogind can be
> active at a time. (If one is active, the other will detect this and not
> work)

pam_systemd isn't installed -- we are faking it with the -compat package

> On devuan "debian/libpam-elogind.postinst" together with
> with debian/extra/pam-configs will automatically activate
> libpam_elogind.so in PAM when installed. But when libpam_systemd.so was 
> available before, this automatic activation might fail.
> 
> It can be manually activated with command "pam-auth-update"
> 
> You can check /etc/pam/common-session after installing libpam-elogind
> it should have a line "session optional libpam_elogind.so" and not any of
> - "session optional libpam_systemd.so" or 
> - "session optional libpam_consolekit.so"

cat /etc/pam.d/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session	[default=1]			pam_permit.so
# here's the fallback if no module succeeds
session	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
session	required	pam_unix.so 
session	optional			pam_elogind.so 
# end of pam-auth-update config

Mark




More information about the Debian-init-diversity mailing list