On Feb 5, 2014 6:23 PM, "walt" <w41ter@gmail.com> wrote:
[ snip ]
> I am seat0 (I forgot about loginctl, thanks) but I'm not sure what you
> mean by "enabled in /etc/pam.d".  Many months ago I remember being confused
> by the last line of system-auth:
>
> #cat /etc/pam.d/system-auth
> auth            required        pam_env.so
> auth            sufficient      pam_ssh.so
> auth            required        pam_unix.so try_first_pass likeauth nullok
> auth            optional        pam_permit.so
>
> account         required        pam_unix.so
> account         optional        pam_permit.so
>
> password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow
> password        optional        pam_permit.so
>
> session         optional        pam_ssh.so
> session         required        pam_limits.so
> session         required        pam_env.so
> session         required        pam_unix.so
> session         optional        pam_permit.so
> -session        optional        pam_systemd.so
>
> I don't understand the meaning of the '-' in the last line.  I didn't
> put it there, except possibly by accident when falling asleep at the
> keyboard :)

The - is to make it optional; if the pam_systemd.so module is not available, the - makes it so it is not a failure.

I'm more concerned about you being seat0, and you being asked for a password. In theory that's what logind solves, and in a much more cleaner, race-free and deterministic way than ConsoleKit.

Do you have systemd with the policykit USE flag? And polkit with the systemd USE flag? (I suppose the later must have it).

If you do, can you please show us the output (make sure to do this inside your DE session) from: