Bug 981013

Summary: new user with encrypted home directory cannot login at graphical console 7
Product: [openSUSE] openSUSE Distribution Reporter: Karl Thomas Schmidt <karl.thomas.schmidt>
Component: KDE Workspace (Plasma)Assignee: E-Mail List <opensuse-kde-bugs>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P5 - None CC: bequimao.de, wbauer
Version: Leap 42.1   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 42.1   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Karl Thomas Schmidt 2016-05-22 01:59:31 UTC 
Create a new user in YaST nd click checkbox "encrypted home".
Try now to log in as this new user.
After a short while you are thrown back to login screen.

Nothing shows up in journalctl except for a timeout.
Error message states that a key is ignored.

Workaround:
Just login at console 1 (ctrl+alt+f1), then switch to console 7.
Login at console 7 into DE now works.

This has to be done only one time.
After this login works as expected
Comment 1 Karl Thomas Schmidt 2016-05-22 13:04:42 UTC 
Some folks reported that they have to login always at console1 to get it to work
Comment 2 Wolfgang Bauer 2017-04-12 18:50:49 UTC 
Sound exactly like bug#954419 and bug#981013...

This should help:
(In reply to David Kerkhof from comment #10)
> I fixed the problem by changing /etc/pam.d/sddm to
> 
> auth     optional       pam_mount.so
> auth     include        common-auth
> account  include        common-account
> password include        common-password
> session  required       pam_loginuid.so
> session  include        common-session
> session  optional       pam_cryptpass.so
> session  optional       pam_mount.so
> 
> The first line and last two lines were added, and since then I was able to
> log in. 

I'm marking this as duplicate, please feel free to reopen if you disagree.

*** This bug has been marked as a duplicate of bug 954419 ***
Comment 3 Wolfgang Bauer 2017-04-12 18:54:17 UTC 
PS: Actually, running "pam-config --service sddm -a --mount" should be sufficient too it seems, no need to edit /etc/pam.d/sddm...