session: No tty for pam, but session class and type. #1808
Conversation
|
Let's hear from Lennart whether this is ok. I didn't touch the utmp code, but maybe we should avoid our fake tty there as well. |
| return res; | ||
| } | ||
| setenv ("XDG_SESSION_CLASS", "user", 1); | ||
| setenv ("XDG_SESSION_TYPE", "web", 1); |
There was a problem hiding this comment.
Shouldn't these be pam_setenv()?
There was a problem hiding this comment.
Probably, I don't know what I am doing...
There was a problem hiding this comment.
Done, pam_putenv works.
|
Fixes #1098 |
mvollmer
force-pushed
the
no-pam-tty
branch
2 times, most recently
from
bb83de0
to
c9a48f1
Compare
|
Looks good to me. The "web" session type is only available in really new versions of systemd (>= v216). Not sure what kind of error you will get if you try this on older versions (or whether you get one at all...) If you need compat with pre-v216 versions you'd have to test this I fear... |
With 216 and a invalid session type "webx", the login succeeds but logind will not create a session. This in turn will break polkit for us since we hook the agent to the session. I guess systemd < 216 will behave the same. |
Setting the session type in the pam config file is probably best then. That allows people who want to backport to pre-216 systemd to get Cockpit running. |
|
Removed XDG_SESSION_TYPE=web. |
|
Stef, by "config file" you mean PAM snippet? sounds good to me then. |
On Fedora at least, our invocation of pam_systemd is in the password-auth snippet, which is included into pam.d/cockpit... |
Yup. |
Systemd-logind expects a real tty and we should set the session class explicitly. https://bugs.freedesktop.org/show_bug.cgi?id=89024#c1
|
Corrected commit message re not setting XDG_SESSION_TYPE. |
Systemd-logind expects a real tty and we should set the session class
and type explicitly.
https://bugs.freedesktop.org/show_bug.cgi?id=89024#c1