-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
session: No tty for pam, but session class and type. #1808
Conversation
Let's hear from Lennart whether this is ok. I didn't touch the utmp code, but maybe we should avoid our fake tty there as well. |
return res; | ||
} | ||
setenv ("XDG_SESSION_CLASS", "user", 1); | ||
setenv ("XDG_SESSION_TYPE", "web", 1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't these be pam_setenv()?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably, I don't know what I am doing...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, pam_putenv works.
Fixes #1098 |
bb83de0
to
c9a48f1
Compare
Looks good to me. The "web" session type is only available in really new versions of systemd (>= v216). Not sure what kind of error you will get if you try this on older versions (or whether you get one at all...) If you need compat with pre-v216 versions you'd have to test this I fear... |
With 216 and a invalid session type "webx", the login succeeds but logind will not create a session. This in turn will break polkit for us since we hook the agent to the session. I guess systemd < 216 will behave the same. |
Setting the session type in the pam config file is probably best then. That allows people who want to backport to pre-216 systemd to get Cockpit running. |
Removed XDG_SESSION_TYPE=web. |
Stef, by "config file" you mean PAM snippet? sounds good to me then. |
On Fedora at least, our invocation of pam_systemd is in the password-auth snippet, which is included into pam.d/cockpit... |
Yup. |
Systemd-logind expects a real tty and we should set the session class explicitly. https://bugs.freedesktop.org/show_bug.cgi?id=89024#c1
Corrected commit message re not setting XDG_SESSION_TYPE. |
Systemd-logind expects a real tty and we should set the session class
and type explicitly.
https://bugs.freedesktop.org/show_bug.cgi?id=89024#c1