I have created a few users with Systemd-Homed, but they all seem to encounter the same issue: when I submit the login password into GDM, the first submission is ignored. By “ignored” I mean that the password field resets and I do not receive any error messages. Regardless if I submit an incorrect password on the first attempt, the field resets, and I do not get any error feedback.
The second attempt always works. I suspect it is related to a PAM configuration, but I am not having any luck identifying a solution. After I am logged in, everything works fine. Home-folder mounts and I have correct permissions to my files.
Steps to create users:
authselect enable-feature with-systemd-homed
homectl create barnabas --uid=1000 --real-name=Barnabas --member-of=wheel --storage=luks
The first user above was an account that I migrated. So, afterward, I used homectl with foobar -- rsync ...
to sync files over.
Afterward, I have created additional user accounts for the sake of debugging. These user’s encounter the same issues.
Logs
In the logs below, the following actions are taken:
- Boot Silverblue
- Attempt login with “barnabas”
- First login attempt is ignored/reset without any error feedback (typical!)
- Second login is successful
-- Boot 62485cc820014bcea6bdcb10c5ef42d1 --
Jun 04 13:58:51 fw0 systemd[1]: Starting systemd-homed.service - Home Area Manager...
Jun 04 13:58:51 fw0 systemd-homed[1331]: Successfully loaded private key pair.
Jun 04 13:58:51 fw0 systemd-homed[1331]: Watching /home.
Jun 04 13:58:51 fw0 systemd-homed[1331]: User record testuser.identity is signed only by us, accepting.
Jun 04 13:58:51 fw0 systemd-homed[1331]: Added registered home for user testuser.
Jun 04 13:58:51 fw0 systemd-homed[1331]: User record barnabas.identity is signed only by us, accepting.
Jun 04 13:58:51 fw0 systemd-homed[1331]: Added registered home for user barnabas.
Jun 04 13:58:51 fw0 systemd[1]: Started systemd-homed.service - Home Area Manager.
Jun 04 13:59:40 fw0 systemd-homed[1331]: barnabas: changing state inactive → activating-for-acquire
Jun 04 13:59:40 fw0 systemd-homework[2488]: None of the supplied plaintext passwords unlock the user record's hashed passwords.
Jun 04 13:59:40 fw0 systemd-homed[1331]: Activation failed: Password for home barnabas is incorrect or not sufficient for authentication.
Jun 04 13:59:40 fw0 systemd-homed[1331]: barnabas: changing state activating-for-acquire → inactive
Jun 04 13:59:40 fw0 systemd-homed[1331]: Got notification that all sessions of user barnabas ended, deactivating automatically.
Jun 04 13:59:40 fw0 systemd-homed[1331]: Home barnabas already deactivated, no automatic deactivation needed.
Jun 04 13:59:48 fw0 systemd-homed[1331]: barnabas: changing state inactive → activating-for-acquire
Jun 04 13:59:48 fw0 systemd-homework[2494]: Provided password unlocks user record.
Jun 04 13:59:48 fw0 systemd-homework[2494]: Successfully locked image file '/home/barnabas.home'.
Jun 04 13:59:48 fw0 systemd-homework[2494]: Allocated additional 72G.
Jun 04 13:59:48 fw0 systemd-homework[2494]: Setting up loopback device /dev/loop0 completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Setting up LUKS device /dev/mapper/home-barnabas completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Provided password unlocks user record.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Probing file system completed (found btrfs).
Jun 04 13:59:49 fw0 systemd-homework[2494]: File system check completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Mounting file system completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Image size already matching, skipping operation.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Read embedded .identity file.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Provided password unlocks user record.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Reconciling user identities completed (host and header version were identical).
Jun 04 13:59:49 fw0 systemd-homework[2494]: Reconciling embedded user identity completed (host and embedded version were identical).
Jun 04 13:59:49 fw0 systemd-homework[2494]: Recursive changing of ownership not necessary, skipped.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Synchronized disk.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Moving to final mount point /home/barnabas completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Activation completed.
Jun 04 13:59:49 fw0 systemd-homework[2494]: Image size is 118.8G, file system size is 118.8G, file system payload size is 118.8G, file system free is 72G.
Jun 04 13:59:49 fw0 systemd-homed[1331]: Home barnabas is signed exclusively by our key, accepting.
Jun 04 13:59:49 fw0 systemd-homed[1331]: barnabas: changing state activating-for-acquire → active
I have read a few forums with similar issues described. They suggested changes to /etc/pam.d/system-auth
, however, I have not had any luck yet. However, considering that authselect
already configured my PAM “correctly” I am at a loss. Feedback appreciated.