View Issue Details

IDProjectCategoryView StatusLast Update
0005657CentOS-6gdmpublic2012-06-16 18:52
Reporterjohndaniel 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformVMwareOSCentOSOS Version6.2
Product Version6.2 
Target VersionFixed in Version 
Summary0005657: XAuth issue when connecting via VNC
DescriptionDear community,

I have just upgraded from CentOS 5.8 to 6.2. The new GDM is causing some troubles when connecting via VNC concerning xauth / root operations. Locally everything works properly, starting a root-configuration pane I get asked for the password and the window starts after successful authentication.
However, it seems that some environment variables are not set properly when connecting via VNC, because when doing the same on my gdm-session started via VNC, I need to type in the sudo-password as used to it, but nothing gets displayed afterwards. After debugging I found out that the new session is not allowed to connect to the window manager, so it seems that something concerning the mit-magic-session-cokie or xauth stuff is not handed over correctly within the environment.

Interesting: Before the upgrade to CentOs 6 everything worked properly! I still have the old backup and compared almost everything twice, with no difference found.

My configuration (see configs in additional info):
- xinetd starting VNC server
- GDM as window manager / greeter

The same behavior can be reproduced when performing a "su" on the xterminal. Locally I can start any X-based application after doing su, remote I cannot. See in reproduce the outputs of env when running locally/remote.

Definitely there is some issue with xauthority, because when I perform a xauth + 127.0.0.1 before performing su I can circumvent the issue: it allows all connections from localhost to display graphics on my current xsession. But this is not a good workaround for a terminal server system.

Any help appreciated !

Regards,

Daniel
Steps To ReproduceJust login once locally, once remote:
1. start a terminal, try running the command xterminal, close the newly opened terminal,
2. perform a su, try running the command xterminal again

If you then compare the output of env in the different context, you see de following diffs for locally initiated sessions (working) / remote (not working), most important in my opinion is the XAUTHORITY variable which is missing when performing su on a remotely initiated session:

env-local.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332325396.565055-616276891
env-local.txt:WINDOWID=31457284
env-local.txt:SSH_AUTH_SOCK=/tmp/keyring-zDnGUM/socket.ssh
env-local.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/882,unix/unix:/tmp/.ICE-unix/882
env-local.txt:GDM_KEYBOARD_LAYOUT=de nodeadkeys
env-local.txt:GNOME_KEYRING_PID=873
env-local.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-emuh7FIpDt,guid=745fabb2a2ef95a8a61d23b700000a8c
env-local.txt:WINDOWPATH=7
env-local.txt:DISPLAY=:0.0

env-local-su.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332325396.565055-616276891
env-local-su.txt:WINDOWID=31457284
env-local-su.txt:SSH_AUTH_SOCK=/tmp/keyring-zDnGUM/socket.ssh
env-local-su.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/882,unix/unix:/tmp/.ICE-unix/882
env-local-su.txt:GDM_KEYBOARD_LAYOUT=de nodeadkeys
env-local-su.txt:GNOME_KEYRING_PID=873
env-local-su.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-emuh7FIpDt,guid=745fabb2a2ef95a8a61d23b700000a8c
env-local-su.txt:WINDOWPATH=7
env-local-su.txt:DISPLAY=:0.0

env-remote.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332324136.222129-1238579421
env-remote.txt:WINDOWID=41951030
env-remote.txt:SSH_AUTH_SOCK=/tmp/keyring-IzLZtp/socket.ssh
env-remote.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/7007,unix/unix:/tmp/.ICE-unix/7007
env-remote.txt:GDM_KEYBOARD_LAYOUT=us
env-remote.txt:GNOME_KEYRING_PID=6998
env-remote.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Ju9SwHe6zr,guid=7d22fd2b9247dbb736b3da94000005a0
env-remote.txt:DISPLAY=:2.0

env-remote-su.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332324136.222129-1238579421
env-remote-su.txt:WINDOWID=41956632
env-remote-su.txt:SSH_AUTH_SOCK=/tmp/keyring-IzLZtp/socket.ssh
env-remote-su.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/7007,unix/unix:/tmp/.ICE-unix/7007
env-remote-su.txt:GDM_KEYBOARD_LAYOUT=us
env-remote-su.txt:GNOME_KEYRING_PID=6998
env-remote-su.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Ju9SwHe6zr,guid=7d22fd2b9247dbb736b3da94000005a0
env-remote-su.txt:DISPLAY=:2.0
Additional InformationSee below my xinetd configuration as well as my gdmcustom.conf modification
_________
service vnc-1024x768x16
{
        disable = no
        socket_type = stream
        wait = no
        user = nobody
        group = tty
        server = /usr/bin/vncts
        server_args = -geometry 1024x768 -depth 16
        # restrict to localhost for ssh encrytped forwarding
        bind = 127.0.0.1
}
___________

[daemon]
RemoteGreeter=/usr/libexec/gdmgreeter

[security]
DisallowTCP=false
________________________________
TagsNo tags attached.

Activities

johndaniel

johndaniel

2012-04-12 13:39

reporter   ~0014818

Sorry, my grep did not include XAUTHORITY, so for reproducing, please see the corrected output here:

env-local.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332325396.565055-616276891
env-local.txt:WINDOWID=31457284
env-local.txt:SSH_AUTH_SOCK=/tmp/keyring-zDnGUM/socket.ssh
env-local.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/882,unix/unix:/tmp/.ICE-unix/882
env-local.txt:GDM_KEYBOARD_LAYOUT=de nodeadkeys
env-local.txt:GNOME_KEYRING_PID=873
env-local.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-emuh7FIpDt,guid=745fabb2a2ef95a8a61d23b700000a8c
env-local.txt:WINDOWPATH=7
env-local.txt:DISPLAY=:0.0
env-local.txt:XAUTHORITY=/var/run/gdm/auth-for-test-jw8Hun/database


env-local-su.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332325396.565055-616276891
env-local-su.txt:WINDOWID=31457284
env-local-su.txt:SSH_AUTH_SOCK=/tmp/keyring-zDnGUM/socket.ssh
env-local-su.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/882,unix/unix:/tmp/.ICE-unix/882
env-local-su.txt:GDM_KEYBOARD_LAYOUT=de nodeadkeys
env-local-su.txt:GNOME_KEYRING_PID=873
env-local-su.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-emuh7FIpDt,guid=745fabb2a2ef95a8a61d23b700000a8c
env-local-su.txt:WINDOWPATH=7
env-local-su.txt:DISPLAY=:0.0
env-local-su.txt:XAUTHORITY=/root/.xauthZ650Z4

env-remote.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332324136.222129-1238579421
env-remote.txt:WINDOWID=41951030
env-remote.txt:SSH_AUTH_SOCK=/tmp/keyring-IzLZtp/socket.ssh
env-remote.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/7007,unix/unix:/tmp/.ICE-unix/7007
env-remote.txt:GDM_KEYBOARD_LAYOUT=us
env-remote.txt:GNOME_KEYRING_PID=6998
env-remote.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Ju9SwHe6zr,guid=7d22fd2b9247dbb736b3da94000005a0
env-remote.txt:DISPLAY=:2.0
env-remote.txt:XAUTHORITY=/var/run/gdm/auth-for-test-3BKlWD/database

env-remote-su.txt:XDG_SESSION_COOKIE=39da1ccdbf8d32a114377ca300000011-1332324136.222129-1238579421
env-remote-su.txt:WINDOWID=41956632
env-remote-su.txt:SSH_AUTH_SOCK=/tmp/keyring-IzLZtp/socket.ssh
env-remote-su.txt:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/7007,unix/unix:/tmp/.ICE-unix/7007
env-remote-su.txt:GDM_KEYBOARD_LAYOUT=us
env-remote-su.txt:GNOME_KEYRING_PID=6998
env-remote-su.txt:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Ju9SwHe6zr,guid=7d22fd2b9247dbb736b3da94000005a0
env-remote-su.txt:DISPLAY=:2.0
herrold

herrold

2012-04-12 13:51

reporter   ~0014822

you were in the IRC channel yesterday and referred to, and repeated back:
14:32 azathoth99> http://wiki.centos.org/HowTos/VNC-Server?highlight=%28vnc%29

what part of that is unclear?
johndaniel

johndaniel

2012-04-12 15:09

reporter   ~0014823

Erm, no, I was not in the IRC. I had posted my issue in the forum and was proposed to post it in the bug tracker. See https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=36758&forum=56

However, I'm not using a fixed user VNC server, I have a terminal-server-like vnc server running with gdm-greeter, so that any user might connect to this vnc-port and perform a login like on the local machine. The How-To you are referencing does not cover this functionality.
johndaniel

johndaniel

2012-04-12 15:17

reporter   ~0014824

Ok, sorry at point 5 in the how-to a short reference using vnc-ltsp-config is in. Exactly this package is used as basis. I explained above exactly the changes I did for using vncts - see my "reprocung" comment. Nothing else than vnc-ltsp-config.
johndaniel

johndaniel

2012-04-12 15:35

reporter   ~0014825

The xinetd configuration above was from CentOS 5. The xinetd configuration in CentOS 6 is shown as follows:

service vnc-1024x768x16
{
        disable = no
       protocol = tcp
       socket_type = stream
       wait = no
       user = nobody
       server = /usr/bin/Xvnc
       server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16 SecurityTypes=None
       only_from = 127.0.0.1
       port = 5900
}
mrf

mrf

2012-04-25 16:56

reporter   ~0014939

It turned out to be exactly the same problem to me, too, as johndaniel tried to describe. Just the vnc-ltsp-config rpm is not used anymore with CentOS 6?! I fear it might be a bug emerging from RHEL already as it is the same behavior on RHEL 6.x
mrf

mrf

2012-06-16 13:56

reporter   ~0015274

As I did not see any response so far I would like to ask if this not unimportant issue is planned to become investigated?
tigalch

tigalch

2012-06-16 18:52

manager   ~0015275

If you experience the same bug in RHEL 6 plese be so kind a file a bug report at https://bugzilla.redhat.com.
If the bug is there in the upstream release at will also be there in CentOS 6.

Issue History

Date Modified Username Field Change
2012-04-12 13:34 johndaniel New Issue
2012-04-12 13:39 johndaniel Note Added: 0014818
2012-04-12 13:51 herrold Note Added: 0014822
2012-04-12 15:09 johndaniel Note Added: 0014823
2012-04-12 15:17 johndaniel Note Added: 0014824
2012-04-12 15:35 johndaniel Note Added: 0014825
2012-04-25 16:56 mrf Note Added: 0014939
2012-06-16 13:56 mrf Note Added: 0015274
2012-06-16 18:52 tigalch Note Added: 0015275