Diffstat (limited to 'zarb-ml/mageia-discuss/20120413/007017.html')
-rw-r--r-- | zarb-ml/mageia-discuss/20120413/007017.html | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120413/007017.html b/zarb-ml/mageia-discuss/20120413/007017.html new file mode 100644 index 000000000..84db38ea4 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120413/007017.html 
@@ -0,0 +1,172 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] beta2 woes and no graphical root (tonyb) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20beta2%20woes%20and%20no%20graphical%20root%20%28tonyb%29&In-Reply-To=%3C4F88423A.4030003%40roadrunner.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="007015.html"> + <LINK REL="Next" HREF="007018.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] beta2 woes and no graphical root (tonyb)</H1> + <B>Frank Griffin</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20beta2%20woes%20and%20no%20graphical%20root%20%28tonyb%29&In-Reply-To=%3C4F88423A.4030003%40roadrunner.com%3E" + TITLE="[Mageia-discuss] beta2 woes and no graphical root (tonyb)">ftg at roadrunner.com + </A><BR> + <I>Fri Apr 13 17:11:54 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="007015.html">[Mageia-discuss] beta2 woes and no graphical root (tonyb) +</A></li> + <LI>Next message: <A HREF="007018.html">[Mageia-discuss] Handbooks - the lot +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7017">[ date ]</a> + <a href="thread.html#7017">[ thread ]</a> + <a href="subject.html#7017">[ subject ]</a> + <a href="author.html#7017">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 04/13/2012 09:33 AM, Oliver Burger wrote: +><i> And as I did say in this thread. I don't see any action by our KDE +</I>><i> team to this effect. Ok, I only scanned over the patches, but I read +</I>><i> the changelog and I saw no sign of anyone patching KDM to ignore it. +</I>><i> So be annoyed with KDE upstream for this change, not with our KDE +</I>><i> maintainers. 
+</I>><i> +</I>><i> Of course if someone does find a patch on our side, that does it, feel +</I>><i> free to correct me. +</I> +OK, just to be definitive, I activated KDM, set AllowRootLogin to true, +and tried and failed to login as root. However, KDM may not be the +culprit. From /var/log/auth.log: + +Here's me logging on as root from a tty to do "service dm restart" (I +was previously using GDM): + +Apr 13 10:13:18 localhost login: pam_tcb(login:auth): Authentication +passed for root from LOGIN(uid=0) +Apr 13 10:13:18 localhost login: pam_tcb(login:session): Session opened +for root by root(uid=0) +Apr 13 10:13:18 localhost login: ROOT LOGIN ON tty3 +Apr 13 10:13:23 localhost polkitd(authority=local): Unregistered +Authentication Agent for +unix-session:/org/freedesktop/ConsoleKit/Session3 (system bus name +:<i>1.320, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, +</I>locale en_US.UTF-8) (disconnected from bus) + +Now here's two attempts at graphical login as root, followed by a +successful one as ftg: + +Apr 13 10:13:38 localhost kdm: :0[22087]: pam_succeed_if(kdm:auth): +requirement "user ingroup nopasswdlogin" not met by user "root" +Apr 13 10:13:38 localhost kdm: :0[22087]: pam_tcb(kdm:auth): +Authentication passed for root from (uid=0) +Apr 13 10:13:47 localhost kdm: :0[22087]: pam_succeed_if(kdm:auth): +requirement "user ingroup nopasswdlogin" not met by user "root" +Apr 13 10:13:47 localhost kdm: :0[22087]: pam_tcb(kdm:auth): +Authentication passed for root from (uid=0) +Apr 13 10:13:58 localhost kdm: :0[22087]: pam_succeed_if(kdm:auth): +requirement "user ingroup nopasswdlogin" not met by user "ftg" +Apr 13 10:13:58 localhost kdm: :0[22087]: pam_tcb(kdm:auth): +Authentication passed for ftg from (uid=0) +Apr 13 10:13:58 localhost kdm: :0[22087]: pam_tcb(kdm:session): Session +opened for ftg by ftg(uid=0) + +Note that in the tty login for root and the graphical login for ftg, +there are pam_tcb(kdm:session) entries, while there are none for 
the +failed graphical root logins. + +It's still possible that this is being done by KDM, but googling turns +up nothing about AllowRootLogin being dropped by upstream. On the +contrary, "true" is the default on OpenSUSE and you can find here: + +<A HREF="http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7007124&sliceId=1&docTypeID=DT_TID_1_1">http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7007124&sliceId=1&docTypeID=DT_TID_1_1</A> + +an open bug in the Novell bugtracker complaining that root login is +still possible even if you set AllowRootLogin to false, because some +SUSE-specific script sets it back to true. + +So, I don't think this was an upstream KDM change. From the above, it's +probably something in pam, so let's look there: + +[<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">root at ftgme2</A> ftg]# cat /etc/pam.d/kdm +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth substack system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session include system-auth +session optional pam_console.so +session required pam_namespace.so +[<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">root at ftgme2</A> ftg]# + +Well. well. Turns out this file is owned by mageia-kde4-config-common. +And it also turns out that if you comment out that third line, graphical +root login works just fine. 
+ +Looking in the changelog, one finds: + + * Thu Sep 22 2011 mikala <mikala> 2-0.20110921.1.mga2 + + Revision: 146549 + - Use directory.trash to create the trash.desktop & remove SOURCE4 + - Fix rpmlint warnings + - use dolphin as a temporary workaround for Home2.desktop + - Switch to oxygen instead of iaora for Default & Netbook +config file + - Add pam files for kdm,kcheckpass & kscreensaver in common +config file + - Update version to 2 (we're on Mageia 2) + - Add mgabutton as symlink for start-here-kde in the vanilla +theme to have the ?\194?\171 upstream ?\194?\187 icon since we're +patching kdebase4-workspace + - Fix Provides for common package + - Update tarball to fix default kdm & ksplash for vanilla flavour + - Use correct prefix for vanilla + - Follow luc menut suggestion for kde prefix use + - More progress on vanilla flavour : + - move configurations files from common to Default/netbook flavors + - remove useless configuration files + - sync dolphinuirc with upstream + - fix alternatives for kde4-config & kdm-config vanilla flavour + +Unfortunately, this doesn't say which package owned the pam files before +that, so it's unclear whether they were changed before this. + +So the OP wasn't dreaming, this wasn't an upstream policy change, and it +was a deliberate decision on somebody's part here. And now you know how +to disable it if you want. 
+</PRE> + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="007015.html">[Mageia-discuss] beta2 woes and no graphical root (tonyb) +</A></li> + <LI>Next message: <A HREF="007018.html">[Mageia-discuss] Handbooks - the lot +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7017">[ date ]</a> + <a href="thread.html#7017">[ thread ]</a> + <a href="subject.html#7017">[ subject ]</a> + <a href="author.html#7017">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |
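Review bot: inside the <PRE> body, the shell prompt before and after the `cat /etc/pam.d/kdm` output has been rewritten by the archiver's address scrubbing into `[<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">root at ftgme2</A> ftg]#`, so the quoted terminal session now carries a mailing-list link where the prompt was. The prompt is not an e-mail address and should be kept as literal text so the PAM listing reads as the session it came from. In the same block, the changelog line contains `?\194?\171 upstream ?\194?\187`, which are the UTF-8 bytes of « and » written out as escapes while the page declares `charset=us-ascii`. Numeric character references (`&#171;` and `&#187;`) would keep the file ASCII and still render. The raw `&` in the `mailto:` and novell.com HREF values (`&In-Reply-To=`, `&docType=kc`) should be written as `&amp;`.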