Closed JBlocklove closed 1 year ago
Sorry for the late reply. I think the problem is that slock does not open a session, so it only ever calls the auth module, which is configured as store-only
and therefore doesn't actually do any unlocking. I wasn't aware that the slock patch uses the login
service, and I find that a rather unfortunate choice. Try creating a file /etc/pam.d/slock
with contents
auth include system-auth
auth optional pam_gnupg.so debug
and patch slock to use that.
Sorry for my own delayed response. That seems to have fixed it perfectly, thanks!
I just switched from i3lock to slock and I can't seem to get slock to unlock my keys. So far, I've set my drop user and group to my primary group as mentioned in the README, I added the
pam-auth
patch, and I've added the thepam_setcred
line from #34 to myslock.c
file, but when I unlock I still have to separately unlock my gpg key.Here is what my
system-local-login
pam file looks like:I believe that should be the only file I needed to modify with the
pam-gnupg
files, since thepam-auth
patch sets the pam service tologin
. Is it possible I need to have that point to a different service?Here are the
slock
lines from myjournalctl
:I'm not using
systemd-homed
and have it disabled, so I believe that warning should be ignoreable. It looks to me like the issue might be withsetcred
since it saysstore-only set, skipping
but I believe thatstore-only
should be there since it's worked fine with my other lockers and my display manager (I usely
).My
slock
configuration is all up-to-date on thepam
branch of myslock
repo: https://github.com/JBlocklove/slock/tree/pam, but the only changes made in this branch were adding the patch, adding thepam_setcred
line, and setting up myconfig.h
to have my user and group.I imagine I just have something configured incorrectly with
pam-gnupg
, especially since in #34 there were more debug messages that I'm not seeing, but I'm not sure what else to check. Any help would be greatly appreciated!