Identical Setups, One works and one doesn't #44

Open
BlakePerkins opened this issue Sep 25, 2022 · 10 comments

@BlakePerkins

I know that this is a very vague issue, but I figured I'd get this out here and see if anyone can help me out.

I recently bought a new laptop and installed an identical operating system as my old one (Artix Linux - openrc). The previous system has been running pam-gnupg without any issues for the past couple of years, so I figured I could steal all the files from pam.d/ on that computer and move it to the new one. After that, I generated a gpg key and set up the new machine exactly as I did the old one. However, I am still being asked for my password after login.

I have since tried following the default README instructions (before I changed the location of .gnupg/) and following advice on the Artix forums (https://forum.artixlinux.org/index.php/topic,2446.0.html) without any success. (all done with original pam.d/ and new gpg keys)

If anybody can provide steps that allow me to get pam-gnupg functional again, I'll venmo you $20 because I cannot figure this out.

@cruegge
Owner

cruegge commented Sep 26, 2022

Can you add the debug option to the relevant lines in pam.d/ and check whether anything ends up in your syslog?

@BlakePerkins
Author

BlakePerkins commented Sep 29, 2022

I have added the following three lines to /etc/pam.d/login, but I am still not seeing a debug.log in /var/log

auth optional pam_gnupg.so store-only debug
session optional pam_env.so user_readenv=1 debug
session optional pam_gnupg.so debug

Where am I going wrong?

@cruegge
Owner

cruegge commented Sep 29, 2022

Maybe it ends up in the standard log file (something like syslog.log)? That depends on Artix' syslog setup, which I don't know about. Try grepping for pam_gnupg in /var/log.

@BlakePerkins
Author

I see the following output in /var/log/auth.log

Sep 26 23:01:59 may login[1974]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:auth): stored passphrase
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:11:23 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:11:48 may login[1981]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:auth): stored passphrase
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:35:57 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:auth): stored passphrase
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping

@cruegge
Owner

cruegge commented Sep 30, 2022

This looks okay so far, but debug logging is not very detailed unfortunately. In particular, it doesn't indicate whether a config file or any keygrips are found; not having a config at all is not an error. Are you sure your config file is in the right place? Do you modify XDG_CONFIG_HOME or GNUPGHOME in pam_env? Also, do you use other password tools like Gnome Keyring?
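
Added example, not part of the thread and not pam-gnupg's own code: a small parser that groups pam_gnupg debug lines from auth.log by login PID and reports whether both the "stored passphrase" and "presetting passphrase succeeded" messages were logged. The sample lines are constructed in the format quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, in the format of the auth.log lines quoted in the thread.
SAMPLE = """\
Sep 29 15:35:57 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:auth): stored passphrase
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:40:10 may login[20001]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
"""

# syslog prefix, then pam_gnupg(<service>:<phase>): <message>
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S+\[(?P<pid>\d+)\]: "
    r"pam_gnupg\((?P<service>[^:)]+):(?P<phase>[^)]+)\): (?P<msg>.*)$"
)


def summarize(log_text):
    """Group pam_gnupg debug lines by the PID of the logging process."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pam_gnupg line
        s = sessions.setdefault(
            m["pid"],
            {"first_seen": m["ts"], "phases": [], "stored": False, "preset": False},
        )
        s["phases"].append(m["phase"])
        if m["phase"] == "auth" and m["msg"] == "stored passphrase":
            s["stored"] = True
        if m["phase"] == "session" and m["msg"].startswith("presetting passphrase succeeded"):
            s["preset"] = True
    return sessions


def incomplete(sessions):
    """PIDs for which the store and preset messages were not both logged."""
    return [pid for pid, s in sessions.items() if not (s["stored"] and s["preset"])]


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        flags = ("stored" if s["stored"] else "-", "preset" if s["preset"] else "-")
        print(pid, s["first_seen"], *flags, ",".join(s["phases"]))
```

As the comment above says, the debug log does not indicate whether a config file or any keygrips were found, so a PID showing both messages only confirms that the module ran through both phases.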

@BlakePerkins
Author

BlakePerkins commented Sep 30, 2022

I modify both in ~/.pam_environment.

~/.pam_environment:

GNUPGHOME DEFAULT=@{HOME}/.local/share/gnupg
XDG_CONFIG_HOME DEFAULT=@{HOME}/.config

My gpg-agent.conf is inside ~/.local/share/gnupg

I have gnome-keyring installed, but I have never messed around with it.

@cruegge
Owner

cruegge commented Oct 1, 2022

Just to be sure: is the apostrophe (') at the end of XDG_CONFIG_HOME a typo here, or is that actually part of the file?

@BlakePerkins
Author

Typo

@cruegge
Owner

cruegge commented Oct 2, 2022

Ok, was worth a shot :) Next guess: there are some known issues with gpg-agent and gnome keyring. Can you check that GPG_AGENT_INFO is unset? In general, gpg does not require any env variables except for GNUPGHOME, so can you check whether env | grep GPG or env | grep GNUPG return anything unusual?

@kronikpillow

Ahh, I see you found the thread where I was bullied into quitting Artix Linux :D never installed that distro after that thread again ...
