Bug 1174366
Summary: | Automount of ~/Private does not work after upgrading from F20 to F21 | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Piergiorgio Sartor <piergiorgio.sartor> |
Component: | gdm | Assignee: | Ray Strode [halfline] <rstrode> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | |
Version: | 21 | CC: | Brandon, bugzilla.redhat.com, d.fedora, drago01, esandeen, mhlavink, redhat-bugzilla, rstrode, theo148, timok, tmraz |
Hardware: | x86_64 | |
OS: | Linux | |
Fixed In Version: | gdm-3.14.1-2.fc21 | Doc Type: | Bug Fix |
Last Closed: | 2015-01-17 23:58:20 UTC | Type: | Bug |
Bug Depends On: | 1183090 | |
Description
Piergiorgio Sartor
2014-12-15 18:02:26 UTC
GDM owner:

Short version: New GDM in Fedora 21 changed content of PAM configuration which broke things, please add it back.

Long version: A long time ago, pam added postlogin pam config, which was designed to be the place where other services can add their hooks if they need to do something during authentication or session creation. Before it, it was an ugly mess, as services had to add their hooks to too many places and it often broke a thing or two. With postlogin, everyone can decide where exactly it can call postlogin, where it is safe and won't affect the logic.

This (postlogin) is used for example for ecryptfs-utils for automatic home or Private folder decryption. It makes sure that it gets automatically decrypted when user authenticates and new session is created.

GDM in Fedora 21 removed postlogin and home directory does not decrypt for user when he logs in.

I guess that there is already enough information on this. Just to be sure, I add my experience as well:

Login via GDM (I am using Gnome) fails for me. Instead of logging in, I get back to the GDM login screen. It seems that GDM does not decrypt my home directory.

Login via the console works. Logging in first via the console, staying logged in there and then logging in via GDM works too.

Logfiles: see (original) bug #1165578

I reverted this commit https://mail.gnome.org/archives/commits-list/2014-April/msg03907.html by adding the relevant lines back to the files /etc/pam.d/gdm-* and now ecryptfs-mount-private is run automatically on login. Can this commit be reverted?

I don't think postlogin is the best place for putting pam_ecryptfs, since if I revert the patch mentioned in comment 3, then postlogin will run for smartcard and fingerprint logins too (where there's no password available). imo, it would be better if authconfig used roughly the same logic it uses for pam_mkhomedir for pam_ecryptfs. I could add postlogin back, but then we need to revisit the last login messages situation.

Hi Ray,

IMHO, if the problem is only the 'ugly "Last Login" messages', then I would say your suggestion is fine. Revert the change quickly, and let's think in the light of day to a proper solution.

I rather prefer an "ugly message" to a system not properly working...

Thanks a lot,

bye,

pg

Ray: Postlogin was added there because of ecryptfs, but it should be general place for other modules that need some place where they can add themselves safely. It does not matter that in some cases (fingerprint) there will be no password available. It's been that way always and it can handle it well.

(In reply to Piergiorgio Sartor from comment #5)
> Hi Ray,
>
> IMHO, if the problem is only the 'ugly "Last Login" messages', then I would
> say your suggestion is fine. Revert the change quickly, and let's think in
> the light of day to a proper solution.
>
> I rather prefer an "ugly message" to a system not properly working...

It's not about the message being ugly but that they delay the login process to show a pointless message 99.99% of the users do not even care about.

gdm-3.14.1-2.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/gdm-3.14.1-2.fc21

tmraz any chance you could disable the message for f21?

I can modify authconfig to change the parameters but it will not affect the existing installs (or installs from DVDs/livecds) unless you rerun authconfig.

Package gdm-3.14.1-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.

Update it with:
# su -c 'yum update --enablerepo=updates-testing gdm-3.14.1-2.fc21'
as soon as you are able to.

Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-0832/gdm-3.14.1-2.fc21 then log in and leave karma (feedback).

gdm-3.14.1-2.fc21 works for me!

gdm-3.14.1-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
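
Added example (not part of the bug report or of gdm): a shell check for the regression discussed above, listing which /etc/pam.d/gdm-* service files never reach the shared postlogin stack in their auth or session section. The function names are hypothetical and the two service files are constructed samples, not the contents shipped by Fedora.

```sh
#!/bin/sh
# Added example. Function names and sample files are constructed for illustration.

# has_postlogin FILE TYPE: succeed if FILE's TYPE stack (auth, session, ...)
# pulls in the shared "postlogin" service via "include" or "substack".
has_postlogin() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            ty = $1
            sub(/^-/, "", ty)                    # "-session" is still a session line
            if (ty == want && ($2 == "include" || $2 == "substack") &&
                $3 == "postlogin") found = 1
        }
        END { exit !found }
    ' "$1"
}

# missing_postlogin DIR: print "file:type" for every gdm-* service file in DIR
# whose auth or session stack never reaches postlogin.
missing_postlogin() {
    for f in "$1"/gdm-*; do
        [ -f "$f" ] || continue
        for t in auth session; do
            has_postlogin "$f" "$t" || printf '%s:%s\n' "${f##*/}" "$t"
        done
    done
}

# make_samples DIR: write two constructed service files, one wired to
# postlogin and one with the includes removed.
make_samples() {
    cat > "$1/gdm-password" <<'EOF'
auth     substack  password-auth
auth     include   postlogin
session  include   password-auth
session  include   postlogin
EOF
    cat > "$1/gdm-fingerprint" <<'EOF'
# constructed: postlogin lines absent
auth     substack  fingerprint-auth
session  include   fingerprint-auth
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
missing_postlogin "$demo"     # on a real system: missing_postlogin /etc/pam.d
rm -rf "$demo"
```

Whether the fingerprint and smartcard services should include postlogin is the point debated in the thread, so hits on those files are items to review rather than automatic failures.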