OpenSUSE Tumbleweed: cannot find the credential public key for this user

nullpo-head / WSL-Hello-sudo

Let's sudo by face recognition of Windows Hello on Windows Subsystem for Linux (WSL). It runs on both WSL 1 and WSL 2. This is a PAM module for Linux on WSL.

MIT License

1.22k stars 46 forks source link

OpenSUSE Tumbleweed: cannot find the credential public key for this user #42

Open derkoe opened 2 years ago

derkoe commented 2 years ago

When you run WSL Hello with OpenSUSE Tumbleweed it results in an error:

❯ su
WSL Hello error: cannot find the credential public key for this user
Password:

derkoe commented 2 years ago

I have further debugged this and the reason for this is that get_user returns root as the user. When i hard-code my user then everything works as expected.

Instead of: https://github.com/nullpo-head/WSL-Hello-sudo/blob/75ea67c0b374f7d19fb7bc35282863ba38d13eef/wsl_hello_pam/src/auth.rs#L188 this:

let user_name = "me";

derkoe commented 2 years ago

BTW this is the the for sudo:

$ cat /usr/etc/pam.d/sudo

#%PAM-1.0
auth       sufficient pam_wsl_hello.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  optional       pam_keyinit.so revoke
session  include        common-session
# session  optional       pam_xauth.so

You can add the same first line to sudo-i and su files as well.

Cu3PO42 commented 2 years ago

I assume this is because openSUSE by default configures sudo to ask for the root password, rather than the password of your user. You can adjust this in your sudoers file by commenting out the following lines:

Defaults targetpw   # ask for the password of the target user i.e. root
ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

You will also need to uncomment the line

# %wheel ALL=(ALL) NOPASSWD: ALL

and add your user to the wheel group. Otherwise you will not be able to sudo anymore. I recommend not messing with the su configuration at the same time so you don't lock yourself out.

derkoe commented 2 years ago

Thx @Cu3PO42 - this worked.

So the short version for openSUSE is:

Add your user to the wheel group (and also create the wheel group if not exists)

Comment the two lines in /etc/sudoers

Defaults targetpw   # ask for the password of the target user i.e. root
ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

and remove the comment from this line:

# %wheel ALL=(ALL) NOPASSWD: ALL

Run the install.sh script as described in the README.md
When asked for the "PAM module's directory" dir enter /usr/lib64/security/
Insert the following line on top of /usr/etc/pam.d/sudo and /usr/etc/pam.d/sudo-i
```
auth       sufficient pam_wsl_hello.so
```

wzf03 commented 1 year ago

Thx @Cu3PO42 - this worked.

So the short version for openSUSE is:

1. Add your user to the wheel group (and also create the wheel group if not exists)

2. Comment the two lines in `/etc/sudoers`
   ```
   Defaults targetpw   # ask for the password of the target user i.e. root
   ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
   ```

   and remove the comment from this line:
   ```
   # %wheel ALL=(ALL) NOPASSWD: ALL
   ```

3. Run the install.sh script as described in the [README.md](https://github.com/nullpo-head/WSL-Hello-sudo#installation-and-configuration)

4. When asked for the "PAM module's directory" dir enter `/usr/lib64/security/`

5. Insert the following line on top of /usr/etc/pam.d/sudo and /usr/etc/pam.d/sudo-i
   ```
   auth       sufficient pam_wsl_hello.so
   ```

And th /usr/etc/pam.d/ has been moved to /usr/lib/pam.d now.