On my SystemdSpawner-based JupyterHub, PAM authentication fails with the following warning:
Mär 27 13:46:07 vm3 python[8780]: pam_loginuid(login:session): Error writing /proc/self/loginuid: Operation not permitted
Mär 27 13:46:07 vm3 python[8780]: pam_loginuid(login:session): set_loginuid failed
/var/log/auth.log:
Mar 27 13:46:07 vm3 python: pam_loginuid(login:session): Error writing /proc/self/loginuid: Operation not permitted
Mar 27 13:46:07 vm3 python: pam_loginuid(login:session): set_loginuid failed
Mar 27 13:46:07 vm3 python: pam_unix(login:session): session opened for user lukas by (uid=0)
Mar 27 13:46:07 vm3 systemd: pam_unix(systemd-user:session): session opened for user lukas by (uid=0)
JupyterHub runs as root on Ubuntu 20.04 LTS, and it has been installed via Miniconda3-py39_4.9.2-Linux-x86_64:
conda install -y jupyterhub=1.4.1 jupyter_core=4.9.1 jupyter_server=1.4.1 jupyter_client=7.0.1 ipykernel=6.4.1 notebook=6.4.0 oauthlib-3.1.1 ipython=7.29.0
conda install -c conda-forge -y jupyterhub-systemdspawner=0.15.0
It's worth adding that I have a similar setup (same operating system, same Miniconda version, same Conda packages), on which PAM authentication does work.
Both machines use the same PAM/Audit shared libraries (libpam0g 1.3.1, libaudit1 2.8.5) and the same Python wrapper (pamela 1.0.0). Also the PAM config in /etc/pam.d is identical on both machines.
I have temporarily disabled AppArmor to make sure that it does not interfer with the login procedure. SELinux is not installed.
As far as I can tell, the only difference between the two setups is the Linux Kernel: 5.4 (working setup) vs. 5.15 (brokensetup). However, I cannot find anything in the Linux kernel's changelog that would indicate any significant PAM-related changes.
Are you aware of issues related to PAM authentication?
On my SystemdSpawner-based JupyterHub, PAM authentication fails with the following warning:
/var/log/auth.log:
JupyterHub runs as
rooton Ubuntu 20.04 LTS, and it has been installed via Miniconda3-py39_4.9.2-Linux-x86_64:It's worth adding that I have a similar setup (same operating system, same Miniconda version, same Conda packages), on which PAM authentication does work.
Both machines use the same PAM/Audit shared libraries (
libpam0g1.3.1,libaudit12.8.5) and the same Python wrapper (pamela1.0.0). Also the PAM config in/etc/pam.dis identical on both machines.I have temporarily disabled AppArmor to make sure that it does not interfer with the login procedure. SELinux is not installed.
As far as I can tell, the only difference between the two setups is the Linux Kernel: 5.4 (working setup) vs. 5.15 (brokensetup). However, I cannot find anything in the Linux kernel's changelog that would indicate any significant PAM-related changes.
Are you aware of issues related to PAM authentication?