[CentOS] How do graphical admin tools requiring root get authentication?

Fri Mar 14 15:13:33 UTC 2014
Samuel Winchenbach <swinchen at gmail.com>

Hi Mike, thanks for the response.

Unfortunately this image is:
A) Aimed at those with very little Linux knowledge
B) Required to be accessible from multiple OSes with minimal client
installation.

Really I would like to either track down why the consolehelper/PAM
authentication does not work over xrdp (My next step is try straight vnc)
or find an alternate, yet seamless authentication method.

Thanks,
Sam

On Thu, Mar 13, 2014 at 2:07 PM, Mike Burger <mburger at bubbanfriends.org>wrote:

> > Hi All,
> >
> > I have created a CentOS 6.5 OpenStack image using kickstart.  I have
> > noticed that when connecting directly to the Virtual Machine's console
> > (think connecting directly to the physical machine) all of the
> > system-config, firewall configuration, application update and install GUI
> > applications work fine and prompt for root login when executed.  Hoever
> if
> > I connect to the VM using xrdp with a tiger-vncserver backend the apps
> > either do not work, or take several minutes to prompt for the root
> > password.
> >
> > Here is a post I made in the forums that has no response:
> >
> https://www.centos.org/forums/viewtopic.php?f=13&t=45307&sid=865afae345fe831c86661f5f264f9021
> >
> > It looks like my problem may be that when I do a ck-list-sessions the
> > device/terminal information does not seem to be known:
> >  Session2:
> >    unix-user = '500'
> >    realname = '(null)'
> >    seat = 'Seat2'
> >    session-type = ''
> >    active = FALSE
> >    x11-display = ''
> >    x11-display-device = ''
> >    display-device = ''
> >    remote-host-name = ''
> >    is-local = TRUE
> >    on-since = '2014-03-06T17:23:07.718097Z'
> >    login-session-id = '4294967295'
> >
> >
> > I have tried disabling selinux, modifying the startwm.sh script included
> > with xrdp to launch the session with "ck-launch-session gnome-session".
> >
> > Neither seem to help.
> >
> >
> > Does anyone have any idea what might be going, or an explanation of how
> > authentication works when one of these apps requires root permission?
>
> Most of the /usr/bin/system-config-* are symlinks to
> /usr/bin/consolehelper.
>
> My recommendation is, instead of trying to get a graphical console, SSH
> into the instance. You'll need to know/set a root password, have your SSH
> client configured to forward X11 (as well as the sshd on the remote VM),
> and be running an Xserver on your local system, but that way, you'll have
> the graphical version coming to you, directly. Because it's running via
> consolehelper, it will prompt you for the root user's password, and you'll
> be off to the races.
>
> --
> Mike Burger
> http://www.bubbanfriends.org
>
> "It's always suicide-mission this, save-the-planet that. No one ever just
> stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>