Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Howdy fails with Greetd (pam_setcred authentication error) #991

Open
Delta18-Git opened this issue Feb 4, 2025 · 2 comments
Open

Howdy fails with Greetd (pam_setcred authentication error) #991

Delta18-Git opened this issue Feb 4, 2025 · 2 comments

Comments

@Delta18-Git
Copy link

Delta18-Git commented Feb 4, 2025
edited
Loading

I've been using gdm for a long time, but recently I switched over to a Wayland compositor. I also switched my display manager to greetd at the same time. However with howdy (beta), greetd fails to start.

In the journal, the error is:

greetd[29536]: error: authentication error: pam_setcred: PERM_DENIED
greetd[29535]: unable to start greeter: session start failed: authentication error: pam_setcred: PERM_DENIED
systemd[1]: greetd.service: Main process exited, code=exited, status=1/FAILURE

On some investigation, I believe it can be due to setcred being defined as PAM_IGNORE in main.cc in the pam module in howdy/beta. Link to code

I've searched for similar issues already, and my issue has not been reported yet.

Linux distribution (if applicable): Arch Linux

Howdy version (sudo howdy version): Howdy 3.0.0 BETA
@Delta18-Git
Copy link
Author

Delta18-Git commented Feb 4, 2025
edited
Loading

PAM Configuration (/etc/pam.d/system-auth)

#%PAM-1.0

auth       requisite                   pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth      [success=2 default=ignore]  pam_systemd_home.so
auth       sufficient                  /lib/security/pam_howdy.so
auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

-account   [success=1 default=ignore]  pam_systemd_home.so
account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

-session   optional                    pam_systemd_home.so
session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

Commenting the pam_howdy.so line allows the display manager to start.

@Delta18-Git
Copy link
Author

The relevant code in greetd: Link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Delta18-Git