(Resending, as the first mail does not seem to be on the list) I installed a machine with KDE, configured pam_kwallet (to open KDE's password safe automatically when logging in) and it worked. Then I moved /home onto an encrypted partition and configured pam_mount to automatically decrypt/mount /home when logging in and it worked mostly. The remaining part is that /home should be unmounted when logging off, which does not work currently (but that's not the reason of this mail). Unfortunately, if the now encrypted /home partition is not mounted when logging in, the wallet does not get opened. When logging off and logging in again (remember: /home is still mounted after logging off), the wallet gets opened. So both pam modules work separately, only if they have to work both, pam_kwallet fails. I read the Linux-PAM System Administrators' Guide, but I am lacking an idea how to debug this problem. Has anyone an idea what I should do to find the root of the problem? My wild guess would be that either pam_kwallet needs access to its home directory, which it gets too late if pam_mount has to mount the file system, or that pam_mount has to succeed (or fail?) so that pam_kwallet works. I already activated debugging in pam_mount (setting "<debug enable="1" />" in /etc/security/pam_mount.conf.xml (why XML?)), but I do not know how to enable debugging in pam_kwallet. The log of the first (unsuccessful for kwallet) login: > 23:24:57: (pam_mount.c:365): pam_mount 2.14: entering auth stage > 23:24:57: (pam_mount.c:365): pam_mount 2.14: entering auth stage > 23:24:57: pam_kwallet(lightdm:auth): pam_sm_authenticate > 23:25:00: pam_unix(lightdm-greeter:session): session closed for user lightdm > 23:25:00: pam_kwallet(lightdm:setcred): pam_sm_setsecred > 23:25:00: pam_unix(lightdm:session): session opened for user pat by (uid=0) > 23:25:00: (pam_mount.c:568): pam_mount 2.14: entering session stage > 23:25:00: (pam_mount.c:568): pam_mount 2.14: entering session stage > 23:25:00: (pam_mount.c:441): pmvarrun says login count is 2 > 23:25:00: (pam_mount.c:660): done opening session (ret=0) > 23:25:00: pam_kwallet(lightdm:session): pam_sm_open_session > 23:25:00: pam_kwallet(lightdm:session): pam-kwallet: final socket path: > 23:25:00: /tmp//pat.socket (pam_mount.c:441): pmvarrun says login count is 2 > 23:25:00: (pam_mount.c:660): done opening session (ret=0) The log of the first (successful for kwallet) login: > 23:27:59: (pam_mount.c:365): pam_mount 2.14: entering auth stage > 23:27:59: (pam_mount.c:365): pam_mount 2.14: entering auth stage > 23:27:59: pam_kwallet(lightdm:auth): pam_sm_authenticate > 23:28:02: pam_unix(lightdm-greeter:session): session closed for user lightdm > 23:28:02: pam_kwallet(lightdm:setcred): pam_sm_setsecred > 23:28:02: pam_unix(lightdm:session): session opened for user pat by (uid=0) > 23:28:02: (pam_mount.c:568): pam_mount 2.14: entering session stage > 23:28:02: (pam_mount.c:568): pam_mount 2.14: entering session stage > 23:28:07: (pam_mount.c:522): mount of /dev/sda5 failed > 23:28:07: (pam_mount.c:441): pmvarrun says login count is 2 > 23:28:07: (pam_mount.c:660): done opening session (ret=0) > 23:28:07: pam_kwallet(lightdm:session): pam_sm_open_session > 23:28:07: pam_kwallet(lightdm:session): pam-kwallet: final socket path: > 23:28:07: /tmp//pat.socket (pam_mount.c:522): mount of /dev/sda5 failed > 23:28:07: (pam_mount.c:441): pmvarrun says login count is 2 > 23:28:07: (pam_mount.c:660): done opening session (ret=0) I diffed them and there are only two differences. First, the successful login contains the lines "mount [...] failed" two times. Second, the time stamps contain a 5 second delay in the successful login (probably due to the failed mount - the mounting has to fail, as it is already mounted). That's where I did not have further ideas. So if anyone has input, that would be highly welcome. Kind regards Patrick _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
