Skip to content

PAM authentication fails in pam_loginuid.so #104

Description

@lukas-koschmieder

On my SystemdSpawner-based JupyterHub, PAM authentication fails with the following warning:

Mär 27 13:46:07 vm3 python[8780]: pam_loginuid(login:session): Error writing /proc/self/loginuid: Operation not permitted
Mär 27 13:46:07 vm3 python[8780]: pam_loginuid(login:session): set_loginuid failed

/var/log/auth.log:

Mar 27 13:46:07 vm3 python: pam_loginuid(login:session): Error writing /proc/self/loginuid: Operation not permitted
Mar 27 13:46:07 vm3 python: pam_loginuid(login:session): set_loginuid failed
Mar 27 13:46:07 vm3 python: pam_unix(login:session): session opened for user lukas by (uid=0)
Mar 27 13:46:07 vm3 systemd: pam_unix(systemd-user:session): session opened for user lukas by (uid=0)

JupyterHub runs as root on Ubuntu 20.04 LTS, and it has been installed via Miniconda3-py39_4.9.2-Linux-x86_64:

conda install -y jupyterhub=1.4.1 jupyter_core=4.9.1 jupyter_server=1.4.1 jupyter_client=7.0.1 ipykernel=6.4.1 notebook=6.4.0 oauthlib-3.1.1 ipython=7.29.0
conda install -c conda-forge -y jupyterhub-systemdspawner=0.15.0

It's worth adding that I have a similar setup (same operating system, same Miniconda version, same Conda packages), on which PAM authentication does work.

Both machines use the same PAM/Audit shared libraries (libpam0g 1.3.1, libaudit1 2.8.5) and the same Python wrapper (pamela 1.0.0). Also the PAM config in /etc/pam.d is identical on both machines.

I have temporarily disabled AppArmor to make sure that it does not interfer with the login procedure. SELinux is not installed.

As far as I can tell, the only difference between the two setups is the Linux Kernel: 5.4 (working setup) vs. 5.15 (brokensetup). However, I cannot find anything in the Linux kernel's changelog that would indicate any significant PAM-related changes.

Are you aware of issues related to PAM authentication?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions