I’m having an issue getting PAM-based user logins to work in v20.01. The problem has to do with Galaxy not having sufficient permissions to create a new user account folder.
For some unknown reason, it wants to append our org’s domain to the user folder. This is unnecessary because the correctly named username folder (sans suffix) already exists in /home. I’ve tested manually creating the fully qualified folder prior to login and it works.
galaxy.log:
galaxy.webapps.galaxy.controllers.user DEBUG 2020-05-29 13:15:34,638 [p:93475,w:1,m:0] [uWSGIWorker1Core2] trans.app.config.auth_config_file: /hpc/software/installed/galaxy/20.01/config/auth_conf.xml
galaxy.auth.providers.pam_auth DEBUG 2020-05-29 13:15:34,639 [p:93475,w:1,m:0] [uWSGIWorker1Core2] use username: True use email False email None username test.user
galaxy.auth.providers.pam_auth DEBUG 2020-05-29 13:15:34,639 [p:93475,w:1,m:0] [uWSGIWorker1Core2] PAM auth: will use external helper: False
galaxy.auth.providers.pam_auth DEBUG 2020-05-29 13:15:34,951 [p:93475,w:1,m:0] [uWSGIWorker1Core2] PAM authentication successful for test.user
galaxy.auth.util DEBUG 2020-05-29 13:15:34,955 [p:93475,w:1,m:0] [uWSGIWorker1Core2] Email: test.user@domain.com, auto-register with username: test.user
galaxy.web.framework.decorators ERROR 2020-05-29 13:15:35,102 [p:93475,w:1,m:0] [uWSGIWorker1Core2] Uncaught exception in exposed API method:
Traceback (most recent call last):
  File "lib/galaxy/web/framework/decorators.py", line 282, in decorator
    rval = func(self, trans, *args, **kwargs)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 122, in login
    return self.__validate_login(trans, payload, **kwd)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 147, in __validate_login
    message, user = self.__autoregistration(trans, login, password)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 105, in __autoregistration
    trans.handle_user_login(user)
  File "lib/galaxy/web/framework/webapp.py", line 720, in handle_user_login
    self.user_checks(user)
  File "lib/galaxy/web/framework/webapp.py", line 665, in user_checks
    self.check_user_library_import_dir(user)
  File "lib/galaxy/web/framework/webapp.py", line 657, in check_user_library_import_dir
    safe_makedirs(os.path.join(self.app.config.user_library_import_dir, user.email))
  File "lib/galaxy/util/path/__init__.py", line 114, in safe_makedirs
    makedirs(path)
  File "/hpc/software/installed/galaxy/20.01/.venv/lib64/python3.6/os.py", line 220, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/home/test.user@domain.com'
auth_conf.xml:
<?xml version="1.0"?>
<auth>
    <authenticator>
        <type>PAM</type>
        <options>
            <auto-register>True</auto-register>
            <maildomain>domain.com</maildomain>
            <login-use-username>True</login-use-username>
            <pam-service>sshd</pam-service>
        </options>
    </authenticator>
</auth>
sssd.conf:
[sssd]
domains = domain.com
config_file_version = 2
services = nss, pam, sudo
[domain/domain.com]
ad_domain = domain.com
krb5_realm = DOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_sasl_authid = galaxy1$
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
simple_allow_groups = Group1, Group2
Anyone able to point me in the right direction?
Thanks.
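
The path in the PermissionError follows from the `os.path.join(self.app.config.user_library_import_dir, user.email)` call in the traceback, so the folder is named after the auto-registered e-mail address rather than the system username. A small check that reproduces it, added here as an example (not Galaxy's code and not part of the original post); the function names are hypothetical, and `/home` as the value of `user_library_import_dir` is an assumption inferred from the error path.

```python
import os
import tempfile


def galaxy_import_dir(user_library_import_dir, username, maildomain):
    """Path the login check tries to create, per the traceback:
    os.path.join(user_library_import_dir, user.email)."""
    # Auto-registration logged "Email: test.user@domain.com", i.e.
    # username + "@" + <maildomain> from auth_conf.xml.
    email = f"{username}@{maildomain}"
    return os.path.join(user_library_import_dir, email)


def diagnose(user_library_import_dir, username, maildomain):
    """Return 'exists', 'creatable' or 'denied' for the calling process."""
    target = galaxy_import_dir(user_library_import_dir, username, maildomain)
    if os.path.isdir(target):
        return "exists"
    # mkdir needs write and search permission on the parent directory.
    if os.access(user_library_import_dir, os.W_OK | os.X_OK):
        return "creatable"
    return "denied"


if __name__ == "__main__":
    # Values taken from the log above; "/home" is the assumed base directory.
    print(galaxy_import_dir("/home", "test.user", "domain.com"))
    # Constructed sandbox standing in for /home.
    with tempfile.TemporaryDirectory() as base:
        # The plain username folder does not satisfy the check ...
        os.mkdir(os.path.join(base, "test.user"))
        print(diagnose(base, "test.user", "domain.com"))
        # ... only the e-mail-named folder does.
        os.mkdir(os.path.join(base, "test.user@domain.com"))
        print(diagnose(base, "test.user", "domain.com"))
```

Run `diagnose` as the account the Galaxy server runs under; a result of `denied` means that account cannot create entries in the base directory, which is what the log shows for `/home`.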