LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-13-2020, 11:26 AM   #61
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled

Quote:
Originally Posted by garpu View Post
Ooof. Here's hoping it gets sorted, because jack is kind of something I rely upon, too. (Well, jack2, if you're being specific.)
I'm using jack2 and tried both the dbus version and jackd...

I'm reading the PAM documentation to see if I can spot a possible problem. It is weird because ulimit -a shows that pam_limits is working fine. Still on a terminal or on a console chrt does not work, while if I connect to a localhost shell with ssh it works. I've read about some incompatibility between PAM and CONFIG_RT_GROUP_SCHED (without clear explanations of why, though). Given the situation I'd tend to exclude it. So I hope it is just a problem of configuration.
 
Old 02-13-2020, 12:19 PM   #62
aaazen
Member
 
Registered: Dec 2009
Posts: 358

Rep: Reputation: Disabled
Quote:
Originally Posted by Gerard Lally View Post
I'm not familiar with PAM. Can you be more specific? I use SSH, OpenVPN and StrongSwan. Does the inclusion of PAM compromise them, or render them less secure? Does it make these specific targets bigger and easier to hit?
From an SSH developer, Problems with PAM (Pluggable Authentication Modules)
 
Old 02-13-2020, 12:30 PM   #63
kikinovak
MLED Founder
 
Registered: Jun 2011
Location: Montpezat (South France)
Distribution: CentOS, OpenSUSE
Posts: 3,438

Rep: Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103Reputation: 2103
Quote:
Originally Posted by aaazen View Post
The references are dated 1994 and 1997. As for the document itself, it states the author has been working on the problem since mid-2003.
 
1 members found this post helpful.
Old 02-13-2020, 12:33 PM   #64
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled
Quote:
Originally Posted by garpu View Post
Here's an idea...do things work if you do pasuspend before starting jack? Are you using jack or jack2? If memory serves, labs like CCRMA are using jack2 these days.
the problem is not pulseaudio.

I'm using jack2 and if I run jackd over a ssh connection I can start it with real-time priority...
 
1 members found this post helpful.
Old 02-13-2020, 12:41 PM   #65
0XBF
Member
 
Registered: Nov 2018
Location: Winnipeg
Distribution: Slackware
Posts: 188

Rep: Reputation: 138Reputation: 138
I haven't installed PAM yet since I'd rather wait out the testing phase but in the past I've just used an initscript with
Code:
ulimit -l unlimited # Remove limit from max amount of memory that can be locked
ulimit -r 90 # Set maximum realtime priority to 90
to tweak the real-time priority (with my realtime enabled kernel) of jack and other audio programs like ardour. Also your error says its attempting to change the priority of 'PID 0' which doesn't seem right. Edit: just read about chrt, I guess that's the error it gives when it cant start the process supplied on the command line, still not sure whats up.

Last edited by 0XBF; 02-13-2020 at 12:49 PM.
 
Old 02-13-2020, 03:54 PM   #66
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled
Quote:
Originally Posted by 0XBF View Post
I haven't installed PAM yet since I'd rather wait out the testing phase...
the problem is not real time priority but checking if PAM is working correctly in enforcing ulimits. I'm coming to think that the problem I'm reporting may be related to ConsoleKit2.

If I comment out:

Code:
session                optional        pam_ck_connector.so nox11
from /etc/pam.d/login now in the console chrt works as expected.

The ENV_SUPATH problem has been fixed with the last update.
 
Old 02-13-2020, 04:38 PM   #67
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,487

Rep: Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730
Quote:
Originally Posted by lonestar_italy View Post
Allow me to be the only one voicing sadness for this change.

Keeping PAM away was one of the things that made me proud of Slackware.
Well then I'd suggest that you grab a copy of the -current tree now, and keep it in a safe place.
 
1 members found this post helpful.
Old 02-13-2020, 06:33 PM   #68
gouttegd
LQ Newbie
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 26

Rep: Reputation: 53
Quote:
Originally Posted by gattocarlo View Post
But since I use PulseAudio as a JACK client -- and it obviously requires rtkit -- the only way to fool it in a non-PAM system was to use set_rlimits.
For what itís worth, thereís another tool to set resource limits on a system without PAM: ulimits. It reads the limits to set from the /etc/limits file, as /bin/login does.

Full disclosure: I am the author of that tool. I am advertising it here as I believe it is relevant and may still be of some use for those using Slackware-14.2 or a non-PAM-ified -current. Apologies if this is considered out of line, moderators may delete that post in that case.
 
4 members found this post helpful.
Old 02-14-2020, 05:34 AM   #69
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled
pam_limits possible fixes

Quote:
Originally Posted by gattocarlo View Post
I think there may be a problem with the PAM configuration. If I run this command from a ssh shell I get:

Code:
$ chrt -v -r 50 bash
pid 5569's new scheduling policy: SCHED_RR
pid 5569's new scheduling priority: 50
If I run it from a terminal I get:

Code:
$ chrt -v -r 50 bash
chrt: faild to set pid 0's policy: Operation not permitted
I was eventually able to track down the problem and find a couple of possible fixes.

That was tough since I had to dig into ConsoleKit2 and control group (cg), stuff I'm not familiar with, so please pardon me if you will find some technical mistake in my report.

ControlKit2, by default, uses libcgmanager for resource management. This is a cool feature since you can create cgroups and control resource usage on a group or user base -- like granting real time privileges in a non-PAM system. I was not aware of this possibility...

On the other side, that means that a session managed by ConsoleKit will not obey to pam_limits, and its processes will not be permitted the escalate their rtprio. Obviously you can explicitly create a cgroup and fix the problem.

So, there are 2 ways out:

1. compile ConsoleKit2 with --disable-libcgmanager: this seems to me the best way to go in a PAM system. So my proposal is to amend the ConsoleKit2.SlackBuild:

Code:
# Choose correct options depending on whether PAM is installed:
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
  PAM_OPTIONS="--enable-pam-module=yes --disable-libcgmanager"
  unset SHADOW_OPTIONS
else
  unset PAM_OPTIONS
  SHADOW_OPTIONS="--enable-pam-module=no"
fi
Probably adding "--enable-polkit" should also be considered.

2. Leave libcgmanager support in ConsoleKit2 and tell the user that pam_limits needs extra work if you want to use it with ConsoleKit2 -- which is excluded, according to /etc/pam.d/* only for sshd (why?).

Hope this helps.

andrea
 
4 members found this post helpful.
Old 02-14-2020, 05:00 PM   #70
igadoter
Senior Member
 
Registered: Sep 2006
Location: wroclaw, poland
Distribution: many, primary Slackware
Posts: 1,503
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by LuckyCyborg View Post
Probably, just likely Ubuntu or Fedora, in the future Slackware will not accept to set an user password as "password" or similar insecure ones.
Really? I found word foobar measured as middle quality password. In some serious place on net. Don't recall where actually. System is no more secure when admins stop to think.
 
Old 02-14-2020, 10:04 PM   #71
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,690

Rep: Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027Reputation: 2027
NSFW. Or anywhere else, really.
(We are talking about passwords, right?)

https://www.youtube.com/watch?v=Mfav1udOVJo
 
2 members found this post helpful.
Old 02-14-2020, 11:26 PM   #72
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS
Posts: 1,593

Rep: Reputation: 920Reputation: 920Reputation: 920Reputation: 920Reputation: 920Reputation: 920Reputation: 920Reputation: 920
Quote:
NSFW. Or anywhere else, really.
Hilarious! Thank you!
 
Old 02-15-2020, 03:59 AM   #73
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled
cifs-utils should drop pam_cifscreds.so in /lib/security

I was trying to understand why pam_wkallet5 is not working and I found that cifs-utils drops pam_cifscreds.so in /usr/lib64/security whereas it should go in /lib/security.

so cifs-utils should be compiled with this configuration flag: --with-pamdir=/lib/security

hope this helps,

andrea
 
Old 02-15-2020, 05:17 AM   #74
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,497
Blog Entries: 14

Rep: Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328Reputation: 3328
Shouldn't all the PAM modules be under /lib64/security on 64bit? If not, how is that going to work with a multilib system?

edit: I've asked in "requests for current" as it has greater visibility than this thread.

Last edited by GazL; 02-15-2020 at 05:33 AM.
 
Old 02-15-2020, 07:28 AM   #75
gattocarlo
Member
 
Registered: Jan 2020
Posts: 30

Rep: Reputation: Disabled
Quote:
Originally Posted by GazL View Post
Shouldn't all the PAM modules be under /lib64/security on 64bit? If not, how is that going to work with a multilib system?

edit: I've asked in "requests for current" as it has greater visibility than this thread.
at the present time pam is compiled with the "-enable-securedir=/lib/security" option.
 
  


Reply

Tags
kde, pam, slackware, xfce


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Current64 - Changes Wed Jan 9 03:21:06 UTC 2019 - cups and gutenprint burdi01 Slackware 1 01-11-2019 04:02 AM
[SOLVED] Wed Jun 13 05:43:00 UTC 2018 and Newer Current bare metal install? AlleyTrotter Slackware 28 06-24-2018 02:36 PM
slackware-current breakage of MTP after [Wed May 23 04:42:29 UTC 2018] update lord_ Slackware 6 06-13-2018 05:34 AM
[SOLVED] Centos7, invalid offset for UTC for Sweden, says UTC+00 Basher52 CentOS 14 02-09-2018 10:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration