GNOME Bugzilla – Bug 770612
new cryptsetup integration with gdm breaks non-luks use cases
Last modified: 2016-08-30 20:42:40 UTC
I didn't quite get the pam stuff right, so if a user doesn't have LUKS things go wrong. See attached patches for a proposed solution.
Created attachment 334483 [details] [review] pam_gdm: return AUTHINFO_UNAVAIL if kernel keyring unavailable right now we return PAM_SUCCESS if keyutils are unavailable. This is the wrong default, we should fail if we aren't able to get the password.
Created attachment 334484 [details] [review] pam: don't call into pam_unix if pam_gdm fails for autolgoin If pam_gdm fails we shouldn't call into pam_unix since it can lead to the system asking for a password, and autologin isn't equipped for that. This commit changes the pam configuration to jump to pam_permit if pam_gdm fails.
Attachment 334483 [details] pushed as bb12416 - pam_gdm: return AUTHINFO_UNAVAIL if kernel keyring unavailable Attachment 334484 [details] pushed as aa7fbd9 - pam: don't call into pam_unix if pam_gdm fails for autolgoin