search

cockpit-project / cockpit

Cockpit is a web-based graphical interface for servers.
http://www.cockpit-project.org/
GNU Lesser General Public License v2.1
11.25k stars 1.12k forks source link

Updated from 250.1.1-1 to 304.1.1-1focal and unable to login to cockpit UI #19662

Open zperry45 opened 11 months ago

zperry45 commented 11 months ago

Explain what happens

  1. apt update
  2. apt install cockpit=304.1.1-1focal
  3. systemctl restart cockpit
  4. systemctl restart cockpit.socket chrome_C4Gv5RyVtS

--

/etc/pam.d/cockpit

root@ubu:~#` cat /etc/pam.d/cockpit
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     common-auth
auth       optional     pam_ssh_add.so
# List of users to deny access to Cockpit, by default root is included.
auth       required     pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
account    required     pam_nologin.so
account    include      common-account
password   include      common-password
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    optional     pam_ssh_add.so
session    include      common-session

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
session    required     pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale

--

Steps:

sudo apt remove --purge cockpit
sudo apt autoremove
sudo apt update
sudo apt install cockpit

--

/var/log/auth.log output when logging in

Nov 28 07:05:12 ubu cockpit-session: pam_listfile(cockpit:auth): Couldn't open /etc/cockpit/disallowed-users
Nov 28 07:05:12 ubu cockpit-session: pam_unix(cockpit:session): session opened for user root by (uid=0)
Nov 28 07:05:12 ubu systemd-logind[676]: New session 53 of user root.
Nov 28 07:05:12 ubu cockpit-session: pam_unix(cockpit:session): session closed for user root
Nov 28 07:05:12 ubu systemd-logind[676]: Session 53 logged out. Waiting for processes to exit.
Nov 28 07:05:12 ubu systemd-logind[676]: Removed session 53.

Version of Cockpit

250.1.1-1, 304.1.1-1focal

Where is the problem in Cockpit?

None

Server operating system

Ubuntu

Server operating system version

Ubuntu 20.04.6

What browsers are you using?

Firefox, Chrome, Chrome on Android, Edge

System log

No response

martinpitt commented 11 months ago

apt install cockpit=304.1.1-1focal

This is not a valid version number, at least not from official sources. Official backports have 305-1~bpo22.04.1 . Is this a custom/local build? If so, how did you do this?

Your PAM config looks like the default, i.e. you didn't seem to have modified it. Also, the actual authentication did succeed, it's just that the session immediately exists again. The logs don't say why.

Wrt. reverting back, "cockpit" is just a meta-package. The interesting bit for this part is the "cockpit-ws" package. Please check dpkg -l '*cockpit*' for the versions, and possibly uninstall/downgrade/reinstall all of them.

martinpitt commented 11 months ago

Any more info here?