cruegge / pam-gnupg

Unlock GnuPG keys on login
GNU General Public License v3.0

Logs showing pam_gnupg: helper terminated with exit code 1 #18

Closed utkarsh181 closed 4 years ago

utkarsh181 commented 4 years ago

Hi, first of all thanks for pam_gnupg, everything is working as expected but my logs are showing some errors:

journalctl:

Jul 04 12:24:37 archlinux kernel: audit: type=1105 audit(1593845677.156:36): pid=425 uid=0 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_loginuid,pam_loginuid,pam_keyinit,pam_limits>
Jul 04 12:24:36 archlinux audit[414]: CRED_ACQ pid=414 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit acct="utkars>
Jul 04 12:24:37 archlinux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? >
Jul 04 12:24:37 archlinux audit[425]: USER_ACCT pid=425 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_tally2,pam_access,pam_unix,pam_permit,pam_time acct="utkarsh>
Jul 04 12:24:37 archlinux audit[425]: CRED_ACQ pid=425 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="utkarsh" exe="/usr/lib/systemd/systemd" hostname=? addr=? te>
Jul 04 12:24:37 archlinux audit[425]: USER_START pid=425 uid=0 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_loginuid,pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mai>
Jul 04 12:24:37 archlinux systemd[1]: Created slice User Slice of UID 1000.
Jul 04 12:24:36 archlinux login[414]: pam_gnupg(login:setcred): helper terminated with exit code 1
Jul 04 12:24:37 archlinux systemd[1]: Starting User Runtime Directory /run/user/1000...
Jul 04 12:24:36 archlinux wpa_supplicant[418]: wlp3s0: CTRL-EVENT-REGDOM-CHANGE init=BEACON_HINT type=UNKNOWN
Jul 04 12:24:37 archlinux systemd-logind[394]: New session 1 of user utkarsh.
Jul 04 12:24:36 archlinux login[414]: pam_unix(login:session): session opened for user utkarsh by LOGIN(uid=0)
Jul 04 12:24:37 archlinux systemd[1]: Finished User Runtime Directory /run/user/1000.
Jul 04 12:24:37 archlinux systemd[425]: pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[] user=[utkarsh] ruser=[<unknown>] rhost=[<un>
Jul 04 12:24:37 archlinux systemd[1]: Starting User Manager for UID 1000...
Jul 04 12:24:37 archlinux systemd[425]: pam_unix(systemd-user:session): session opened for user utkarsh by (uid=0)
Jul 04 12:24:37 archlinux systemd[425]: Reached target Paths.
Jul 04 12:24:38 archlinux kernel: audit: type=1130 audit(1593845677.876:37): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hos>
Jul 04 12:24:37 archlinux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? r>
Jul 04 12:24:37 archlinux systemd[425]: Reached target Timers.
Jul 04 12:24:37 archlinux systemd[425]: Starting D-Bus User Message Bus Socket.
Jul 04 12:24:37 archlinux systemd[425]: Listening on GnuPG network certificate management daemon.
Jul 04 12:24:37 archlinux systemd[425]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jul 04 12:24:37 archlinux systemd[425]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jul 04 12:24:37 archlinux systemd[425]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jul 04 12:24:37 archlinux systemd[425]: Listening on GnuPG cryptographic agent and passphrase cache.
Jul 04 12:24:37 archlinux systemd[425]: Listening on p11-kit server.
Jul 04 12:24:37 archlinux systemd[425]: Listening on Sound System.
Jul 04 12:24:37 archlinux systemd[425]: Listening on D-Bus User Message Bus Socket.
Jul 04 12:24:37 archlinux systemd[425]: Reached target Sockets.
Jul 04 12:24:37 archlinux systemd[425]: Reached target Basic System.
Jul 04 12:24:37 archlinux systemd[1]: Started User Manager for UID 1000.
Jul 04 12:24:37 archlinux systemd[425]: Starting Update XDG user dir configuration...
Jul 04 12:24:37 archlinux systemd[1]: Started Session 1 of user utkarsh.
Jul 04 12:24:37 archlinux systemd[425]: Started GnuPG cryptographic agent and passphrase cache.
Jul 04 12:24:38 archlinux systemd[425]: xdg-user-dirs-update.service: Succeeded.

This line:

Jul 04 12:24:36 archlinux login[414]: pam_gnupg(login:setcred): helper terminated with exit code 1

gpg-agent.conf:

allow-preset-passphrase
max-cache-ttl 60480000
default-cache-ttl 60480000

/etc/pam.d/gdm-password

auth     include   system-local-login
auth     optional  pam_gnome_keyring.so

account  include   system-local-login

password include   system-local-login
password optional  pam_gnome_keyring.so use_authtok

session  optional  pam_keyinit.so force revoke
session  include   system-local-login
session  optional  pam_gnome_keyring.so auto_start
auth     optional  pam_gnupg.so
session  optional  pam_gnupg.so

Is there something that I don't know and I am supposed to know?

cruegge commented 4 years ago

Sorry for the very late reply. The error message is indeed harmless. It happens during authentication, before opening the session, when the agent is not running yet. Unlocking then succeeds in session.

The option store-only to the auth optional ...-line can be used to disable sending the passphrase during authentication, which will suppress this message. In general, it should probably always be used for services that do open a session, i.e. gdm but not i3lock. I'm going to restructure some parts of the README anyway and will state that more clearly then.

cruegge commented 4 years ago

I updated the README; it now suggests using store-only for any service that opens a session. Closing this.
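
A small check for the advice in this thread, added here as an example (not part of pam-gnupg and not written by either commenter): it scans a PAM service file and reports `auth` rules for `pam_gnupg.so` that lack `store-only`, together with the corrected line. It assumes that a `session` rule for `pam_gnupg.so` in the same file marks a service that opens a session; `parse_pam` and `missing_store_only` are hypothetical helper names.

```python
import os

# The gdm-password file quoted in the issue (blank lines removed).
SAMPLE_GDM = """\
auth     include   system-local-login
auth     optional  pam_gnome_keyring.so
account  include   system-local-login
password include   system-local-login
password optional  pam_gnome_keyring.so use_authtok
session  optional  pam_keyinit.so force revoke
session  include   system-local-login
session  optional  pam_gnome_keyring.so auto_start
auth     optional  pam_gnupg.so
session  optional  pam_gnupg.so
"""


def parse_pam(text):
    """Return (lineno, raw, type, module, args) per rule; included files are not followed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        ptype = fields[0].lstrip("-")  # a leading "-" only silences missing-module logging
        rest = fields[1:]
        # A bracketed control such as [success=1 default=ignore] spans several fields.
        if rest[0].startswith("["):
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
        rest = rest[1:]  # drop the control field
        if rest:
            rules.append((lineno, raw, ptype, os.path.basename(rest[0]), rest[1:]))
    return rules


def missing_store_only(text):
    """List (lineno, corrected line) for pam_gnupg auth rules lacking store-only."""
    gnupg = [r for r in parse_pam(text) if r[3] == "pam_gnupg.so"]
    # Assumption: a pam_gnupg session rule marks a service that opens a session.
    if not any(r[2] == "session" for r in gnupg):
        return []
    return [(lineno, raw.rstrip() + " store-only")
            for lineno, raw, ptype, _mod, args in gnupg
            if ptype == "auth" and "store-only" not in args]


if __name__ == "__main__":
    for lineno, fixed in missing_store_only(SAMPLE_GDM):
        print(f"line {lineno}: use -> {fixed}")
```

A file with only an `auth` rule for `pam_gnupg.so` (the i3lock case mentioned above) produces no finding, since nothing in it opens a session.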