Results 1 to 6 of 6

Thread: sshd: gkr-pam: unable to locate daemonn control file

  1. #1

    Default sshd: gkr-pam: unable to locate daemonn control file

    I upgraded two Opensuse machines to Leap 15.2 the other day and one of them is getting the error sshd: gkr-pam: unable to locate daemon control file every so often in /var/log/warn. It doesn't seem to be causing anything to fail but I would still like to find out what is wrong. I've found a number of references to this online but none of them have given anything that helps me directly and I couldn't find any that made reference to sshd.

  2. #2

    Default Re: sshd: gkr-pam: unable to locate daemonn control file

    I have a machine that has been upgraded multiple times from Leap 42.1 to 15.2 that showed this gkr-pam error for sshd and sudo too. The package gnome-keyring-pam that contains the lib pam_gnome_keyring.so is installed on this machine because i used GNOME sometimes in the past.The gkr-pam errors are related to pam_gnome_keyring.so. Since i do not use Gnome anymore i do not need a Gnome keyring so it is OK for me that there are no keyring related files. I have disabled pam_gnome_keyring.so in the file /etc/pam.d/common-auth

    Code:
    ..
    auth    required        pam_env.so       
    #auth   optional        pam_gnome_keyring.so 
    auth    required        pam_unix.so     try_first_pass 
    to suppress the annoying gkr.pam errors for ssh, sudo and some other tools i cannot remember anymore.

  3. #3
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    31,046
    Blog Entries
    15

    Default Re: sshd: gkr-pam: unable to locate daemonn control file

    Hi
    AFAIK it's related to kerberos. I see an old thread here: https://forums.opensuse.org/showthre...using-Kerberos
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  4. #4

    Default Re: sshd: gkr-pam: unable to locate daemonn control file

    Well at least not in my case because i have not installed the kerberos pam module.
    And if we look to the code of the gnome keyring pam module e.g. https://gitlab.gnome.org/GNOME/gnome...r-pam-module.c
    Code:
    static int
    stop_daemon (pam_handle_t *ph,
                 struct passwd *pwd)
    {
        char control[MAX_CONTROL_SIZE];
        int res;
    
        assert (pwd);
    
        res = get_control_file(ph, control);
        if (res != GKD_CONTROL_RESULT_OK) {
            syslog (GKR_LOG_ERR, "gkr-pam: unable to locate daemon control file");
            return PAM_SERVICE_ERR;
        }
    
    ...
    we see the error messages. The get_control_file function checks the environment variables ENV_CONTROL or if this is null XDG_RUNTIME_DIR and if the affected processes (sshd and so on) do not have this in their environment (and this is the case at least on my machine) then pam_gnome_keyring.so complains. As I have said the installation of my machine is old and has been updated to new Leap versions many times maybe the missing environment variables are related to this fact. But if the variables are set in the environment e.g for sshd i am rather sure the error messages would not occur. But since i do not use the gnome keyring tweaking the environment is to much effort for me.
    Code:
    /* control must be at least MAX_CONTROL_SIZE */
    static int
    get_control_file (pam_handle_t *ph, char *control)
    {
        const char *control_root;
        const char *suffix;
    
        control_root = get_any_env (ph, ENV_CONTROL);
        if (control_root == NULL) {
            control_root = get_any_env (ph, "XDG_RUNTIME_DIR");
            if (control_root == NULL)
                return GKD_CONTROL_RESULT_NO_DAEMON;
            suffix = "/keyring/control";
        } else {
            suffix = "/control";
        }
    
        if (strlen (control_root) + strlen (suffix) + 1 > MAX_CONTROL_SIZE) {
            syslog (GKR_LOG_ERR, "gkr-pam: address is too long for unix socket path: %s/%s",
                control, suffix);
            return GKD_CONTROL_RESULT_FAILED;
        }
    
        strcpy (control, control_root);
        strcat (control, suffix);
    
        return GKD_CONTROL_RESULT_OK;
    }

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    31,046
    Blog Entries
    15

    Default Re: sshd: gkr-pam: unable to locate daemonn control file

    Hi
    Have you run rpmconfigcheck lately?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  6. #6

    Default Re: sshd: gkr-pam: unable to locate daemonn control file

    Thanks for the responses. I think this may be because I had gnome installed at some point in the distant past. I have removed gnome-keyring-pam and that seems to have stopped the messages.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •