[ovirt-users] Debian linux and oVirt SSO

Tadas tadas at ring.lt
Mon Jul 18 11:12:26 UTC 2016 

This is really interesting.
pam-ovirt-cred is randomly failing on one of two checks:

https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c
red_channel.c#L107

and

https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c
red_channel.c#L134

Theres  no pattern, on which step it will fail. Sometimes it fails on
writing to socket sometimes on reading:

Jul 18 14:11:02 desktop64 cred-debug: recv() failed
Jul 18 14:11:14 desktop64 cred-debug: send() failed
Jul 18 14:11:18 desktop64 cred-debug: recv() failed
Jul 18 14:11:23 desktop64 cred-debug: recv() failed
Jul 18 14:11:28 desktop64 cred-debug: send() failed
Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 at 09:51 +0300, Tadas wrote:
> After moving to gdm, I've managed to solve the timeout issue. Now i
> bumped into another one:
> oVirt agent seem to emit credentials without error:
> 
> Dummy-1::DEBUG::2016-07-18
> 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials =
> '\x00\x00\x00\x04test********\x00')
> Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The
> following users are allowed to connect: [0]
> Dummy-1::DEBUG::2016-07-18
> 09:29:53,294::CredServer::272::root::Token:
> 250954
> Dummy-1::INFO::2016-07-18
> 09:29:53,294::CredServer::273::root::Opening
> credentials channel...
> Dummy-1::INFO::2016-07-18
> 09:29:53,294::CredServer::132::root::Emitting
> user authenticated signal (250954).
> Dummy-1::INFO::2016-07-18
> 09:29:53,349::CredServer::277::root::Credentials channel was closed.
> 
> But pam module is failing:
> gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire
> user's credentials
> 
> After poking a bit I've managed to find, that module fails on:
> 
>     if (ret == -1) {
>         D(("send() failed."));
>         return -1;
>     }
> 
> in cred_channel.c
> 
> 
> Also, i have to mention, that there's no /etc/pamd/password-auth file
> in Debian Linux. I've copied it from Centos (it is needed by gdm-
> ovirtcred.pam)
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list