From: Joe Kelsey
Date: Tue, 14 Oct 2003 07:20:02 -0700
To: Volker Stolz
Cc: gnome@freebsd.org, stable@freebsd.org
Subject: Re: Using pam_ssh with gdm

Volker Stolz wrote:
> On 13 Oct 2003 at 16:56 CEST, Joe Kelsey wrote:
>
>>first try, logging the following to syslog:
>>Oct 13 07:24:30 zircon gdm[186]: Couldn't open session for joek
>>
>>Then, gdm resets and I reenter the password and passphrase. The second
>>time, I get in. Apparently, now ssh-agent has started, but pam_ssh did
>>not pass along any authentication information, so I have to call ssh-add
>>by hand to actually enter the key information. This means that every
>>time I log in, I have to type my password twice and my passphrase three
>>times.
>
>
> The first thing you're probably experiencing is this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/45669
>
> Description
> The pam_ssh module uses popen() to start an ssh-agent for the user during PAM
> authentication. However, pclose() causes the pam-module to return an error if
> somebody else already called waitpid(-1,...) because now pclose returns -1
> and errno is set to ECHILD (observed with gdm who uses a whole bunch of processes).

That fits exactly! I stumbled on a gdm error message in the logs about ssh-agent and child processes. I run 4-STABLE, your PR relates to 5-CURRENT. Has anyone done anything about fixing this in 4-STABLE?

Also, switching to only using my ssh passphrase doesn't tickle the ssh-agent child process bug.

Also, why doesn't pam_ssh export my identities into ssh-agent? I still have to do a separate ssh-add to load the keys into ssh-agent. The pam_ssh man page still says that it does this, but obviously it doesn't.

/Joe
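
The pclose()/ECHILD behaviour described in the quoted PR, reproduced as an added example (not code from this thread, from pam_ssh, or from the PR). The `echo` command is a constructed stand-in for ssh-agent, all function names are hypothetical, and the tolerant check is one possible way to handle the case, not the fix that was committed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Constructed stand-in for ssh-agent printing its environment lines. */
#define AGENT_CMD "echo SSH_AGENT_PID=12345"

/* popen() a child, read its output, optionally let another part of the process
 * reap every child with waitpid(-1, ...) as in the PR, then pclose().
 * Returns pclose()'s result; *err is errno on -1; *got_line is 1 if output seen. */
static int run_and_close(int reap_first, int *err, int *got_line)
{
    char buf[128];
    signal(SIGCHLD, SIG_DFL);   /* an ignored SIGCHLD would also lose the status */
    FILE *fp = popen(AGENT_CMD, "r");
    *got_line = 0;
    if (fp == NULL) { *err = errno; return -1; }
    while (fgets(buf, sizeof buf, fp) != NULL)
        if (strncmp(buf, "SSH_AGENT_PID=", 14) == 0)
            *got_line = 1;
    if (reap_first)
        while (waitpid(-1, NULL, 0) > 0)
            ;                   /* the child is reaped here, before pclose() */
    errno = 0;
    int rc = pclose(fp);
    *err = (rc == -1) ? errno : 0;
    return rc;
}

/* Naive check: any -1 from pclose() is treated as a failed agent start. */
static int agent_ok_naive(int reap_first)
{
    int err, got;
    return run_and_close(reap_first, &err, &got) != -1;
}

/* Tolerant check (an assumption): ECHILD only means the exit status is gone,
 * so fall back on whether the expected output was actually read. */
static int agent_ok_tolerant(int reap_first)
{
    int err, got;
    int rc = run_and_close(reap_first, &err, &got);
    if (rc == -1)
        return err == ECHILD && got;
    return WIFEXITED(rc) && WEXITSTATUS(rc) == 0 && got;
}
```

With `reap_first` set, the naive check reports failure even though the child ran and produced its output, which matches the "Couldn't open session" symptom on the first login attempt.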