After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 649042 - gdm.policy settings silently disallow gdmsetup Unlock on remote sessions
gdm.policy settings silently disallow gdmsetup Unlock on remote sessions
Status: RESOLVED OBSOLETE
Product: gdm
Classification: Core
Component: general
2.32.x
Other Linux
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2011-04-30 18:32 UTC by Benjamin Shadwick
Modified: 2018-05-24 10:34 UTC
See Also:
GNOME target: ---
GNOME version: 2.31/2.32


Description Benjamin Shadwick 2011-04-30 18:32:42 UTC 
I run a completely headless Ubuntu Linux box, which I routinely log into via x2go and/or SSH. When I run gdmsetup, the Unlock button does nothing and I get no message on the console.

There's a bug on launchpad.net against policykit ( https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/221363 ), in which people have mentioned that this is a bug in various .policy files in /usr/share/polkit-1/actions. I was able to fix this for gdmsetup by changing "allow_active" to "allow_any" on the following line in gdm.policy:

<allow_active>auth_admin_keep</allow_active>

I'm filing this against gdm because Ubuntu's package management lists gdm as the package that installs /usr/share/polkit-1/actions/gdm.policy.

I should also mention that this does not fix the separate issue of gdmsetup being unresponsive when launched with root privileges via sudo/gksudo/gksu.
Comment 1 Benjamin Shadwick 2011-04-30 18:35:10 UTC 
Forgot to mention that this was encountered in both Ubuntu 10.10 (Maverick) x64 and 11.04 (Natty) x64, and I didn't figure out how to fix it until I had already upgraded to the latter.
Comment 2 Milan Bouchet-Valat 2011-05-01 02:41:04 UTC 
To be clear, the problem is that PolicyKit doesn't consider remote sessions as active. So services that don't really need the active/inactive distinction should use allow_any. I think this is the case for most auth_admin services, since admins should be allowed to do anything they want, disregarding the kind of session they're using.
Comment 3 Benjamin Shadwick 2011-05-02 00:48:35 UTC 
Update: This also affects x2go remote sessions of GNOME 3 running in Ubuntu 11.04 (Natty) x64 (installed from ppa:gnome3-team/gnome3, running in fallback mode because it's a remote session).

The fix/workaround for GNOME 3 is the same.
Comment 4 David B 2011-07-21 20:01:08 UTC 
I was able to get around this by setting my NX client to launch gnome via "gnome-session --session=classic-gnome" . No sure if this helps or not.
Comment 5 bkamen 2012-06-30 00:32:38 UTC 
I'm using CentOS and haven't dug into it in the past, but this problem has plagued Gnome when trying to access adminstrative programs (like yumex or user configuration).

I would like to do a lot of my work from a remote X display via XDMCP -- and in the past it didn't (and still does not) work.

Until I found this thread and tried it out on YUMEX's
/usr/share/polkit-1/actions//org.yum-extender.backend.policy

by changing:
     <allow_any>no</allow_any>
to
     <allow_any>auth_admin_keep</allow_any>


and sure enough -- it works. (by prompting me for a password instead of just blowing up)

I'm using Cygwin/X X server v1.11.2 on WinXP Pro 32b/SP3 as one platform currently.
Comment 6 GNOME Infrastructure Team 2018-05-24 10:34:38 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdm/issues/63.