Cannot login on CentOS 7 with lightdm

I changed gdm, the default CentOS 7 desktop manager, because it was crashing frequently on machines with more than one GPU. I found out gdm didn’t know where to run when there was more than one graphic card. The problem is not affecting lightdm. To install it,

yum install lightdm
systemctl stop gdm.service
systemctl disable gdm.service
systemctl enable lightdm.service

Now we should have the lighdm. The pros: as I said, it doesn’t crash. The cons: sometimes after logging out you don’t get the login screen, but a mouse pointer on a dark surface, or on a blue one, depending on your desktop configuration. Restarting the lightdm service is giving you back your login screen.

systemctl restart lightdm.service

I guess you can do that via ssh.

Another issue is what I will call the lightdm session problem. Some background info: our users are identified by kerberos keys. After the restart of the lightdm service, one user log in, it seems to work, but you come back to the login screen. Why is that? Very simple: you don’t have the desktop keyring that lightdm is looking for. This screen dump will explain it, I think. We have two users, one is pepito and the other is juanito. Turns out that pepito can log in but juanito can’t.

systemctl status lightdm.service 
● lightdm.service - Light Display Manager
   Loaded: loaded (/usr/lib/systemd/system/lightdm.service; 
enabled; vendor preset: enabled)
   Active: active (running) since XX; 16min ago
     Docs: man:lightdm(1)
 Main PID: 43820 (lightdm)
   CGroup: /system.slice/lightdm.service
           ├─43820 /usr/sbin/lightdm
           ├─45323 /usr/bin/X -background none :0 
           └─47820 lightdm --session-child 13 20

date:machine lightdm[44338]: pam_unix(lightdm:auth): 
authentication failure; logname= uid=0 euid=0 tty=:0 
ruser= rhost=  user=pepito
date:machine lightdm[44338]: pam_krb5[44338]: 
TGT verified using key for 'host/myhost.mydomain'
date:machine lightdm[44338]: pam_krb5[44338]: 
authentication succeeds for 'pepito' (pepito@mydomain)
date:machine gnome-keyring-daemon[44358]: 
Gkm: using old keyring directory: /pepito/.gnome2/keyrings
date:machine gnome-keyring-daemon[44358]: 
failed to unlock login keyring on startup
date:machine lightdm[45339]: 
pam_unix(lightdm-greeter:session): 
session opened for user lightdm by (uid=0)
date:machine lightdm[47820]: pam_unix(lightdm:auth): 
authentication failure; logname= uid=0 euid=0 tty=:0 
ruser= rhost=  user=juanito
date:machine lightdm[47820]: pam_krb5[47820]: 
TGT verified using key for 'host/myhost@mydomain'
date:machine lightdm[47820]: pam_krb5[47820]: 
authentication succeeds for 'juanito' (juanito@mydomain)

You see what’s going on. Both users successfully log in. But the user pepito has an old keyring linked with the desktop, therefore he gets a desktop. On the other hand, juanito only logs in, without getting a desktop. If he chooses a desktop, he will manage to get it. On the status, it looks like this:

date:machine lightdm[6544]: pam_unix(lightdm-greeter:session): 
session opened for user lightdm by (uid=0)
date:machine lightdm[6730]: pam_unix(lightdm:auth): 
authentication failure; logname= uid=0 euid=0 tty=:0 
ruser= rhost=  user=juanito
date:machine lightdm[6730]: pam_krb5[6730]: 
TGT verified using key for 'host/myhost@mydomain'
date:machine lightdm[6730]: pam_krb5[6730]: 
authentication succeeds for 'juanito' (juanito@mydomain)'
date:machine lightdm[7674]: pam_unix(lightdm-greeter:session): 
session opened for user lightdm by (uid=0)

Long story short: you need to ask for it if you want something. In this case, your session. And look at the service status 🙂 no rocket science here!

Advertisements

About bitsanddragons

A traveller, an IT professional and a casual writer
This entry was posted in bits, centos, software. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s