Date:      Tue, 14 Oct 2003 07:20:02 -0700
From:      Joe Kelsey <joek@mail.flyingcroc.net>
To:        Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
Cc:        stable@freebsd.org
Subject:   Re: Using pam_ssh with gdm
Message-ID:  <3F8C0612.1020506@mail.flyingcroc.net>
In-Reply-To: <20031014084909.GB17718@i2.informatik.rwth-aachen.de>
References:  <3F8ABD15.2070601@mail.flyingcroc.net> <20031014084909.GB17718@i2.informatik.rwth-aachen.de>

Volker Stolz wrote:
> Am 13. Oct 2003 um 16:56 CEST schrieb Joe Kelsey:
> 
>>first try, logging the following to syslog:
>>Oct 13 07:24:30 zircon gdm[186]: Couldn't open session for joek
>>
>>Then, gdm resets and I reenter the password and passphrase.  The second 
>>time, I get in.  Apparently, now ssh-agent has started, but pam_ssh did 
>>not pass along any authentication information, so I have to call ssh-add 
>>by hand to actually enter the key information.  This means that every 
>>time I log in, I have to type my password twice and my passphrase three 
>>times.
> 
> 
> The first thing you're probably experiencing is this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/45669
> 
> Description
> The pam_ssh module uses popen() to start an ssh-agent for the user during PAM
> authentication. However, pclose() causes the pam-module to return an error if
> somebody else already called waitpid(-1,...) because now pclose returns -1
> and errno is set to ECHILD (observed with gdm who uses a whole bunch of processes).

That fits exactly!  I stumbled on a gdm error message in the logs about 
ssh-agent and child processes.  I run 4-STABLE, your PR relates to 
5-CURRENT.  Has anyone done anything about fixing this in 4-STABLE? 
Also, switching to only using my ssh passphrase doesn't tickle the 
ssh-agent child process bug.

Also, why doesn't pam_ssh export my identities into ssh-agent?  I still 
have to do a separate ssh-add to load the keys into ssh-agent.  The 
pam_ssh man page still says that it does this, but obviously it doesn't.

/Joe
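
The failure mode described in the quoted PR, as an added example that is not part of the original message and is not pam_ssh's code: a child started with popen() is reaped by an unrelated waitpid(-1, ...) in the same process, so pclose() returns -1 with errno set to ECHILD. The names `run_and_close` and `agent_start_ok` are hypothetical, and `echo agent-output` is a constructed stand-in for ssh-agent.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run cmd via popen(), read its output to EOF, then pclose().
 * With steal_child set, waitpid(-1, ...) runs first, standing in for another
 * part of the host process (gdm in this thread) reaping every child.
 * Returns pclose()'s result; *err holds errno when that result is -1. */
static int run_and_close(const char *cmd, int steal_child, int *err)
{
    char buf[256];
    int rc, st;
    FILE *fp = popen(cmd, "r");

    *err = 0;
    if (fp == NULL) { *err = errno; return -1; }
    while (fgets(buf, sizeof buf, fp) != NULL)
        ;                               /* drain the child's output */
    if (steal_child)
        while (waitpid(-1, &st, 0) > 0)
            ;                           /* reaps the popen() child too */
    rc = pclose(fp);
    if (rc == -1) *err = errno;
    return rc;
}

/* Tolerant caller: ECHILD from pclose() means the child was already reaped,
 * so its exit status is unknown, but it is not treated as a failure here. */
static int agent_start_ok(const char *cmd, int steal_child)
{
    int err;
    int rc = run_and_close(cmd, steal_child, &err);

    if (rc == -1 && err == ECHILD)
        return 1;
    return rc == 0;
}

int main(void)
{
    int err;
    int rc = run_and_close("echo agent-output", 1, &err);

    printf("pclose=%d ECHILD=%d\n", rc, err == ECHILD);
    printf("tolerant=%d\n", agent_start_ok("echo agent-output", 1));
    return 0;
}
```

Once the status has been lost to the other waiter, the tolerant path cannot tell a failed child from a successful one, so a caller relying on it should validate the output it read rather than the exit status.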
