OpenSUSE Tumbleweed: cannot find the credential public key for this user

[derkoe]

When you run WSL Hello with OpenSUSE Tumbleweed it results in an error:

❯ su
WSL Hello error: cannot find the credential public key for this user
Password:

[derkoe]

I have further debugged this and the reason for this is that get_user returns root as the user. When i hard-code my user then everything works as expected.

Instead of:

WSL-Hello-sudo/wsl_hello_pam/src/auth.rs

Line 188 in 75ea67c

let user_name = get_user(pamh, None).map_err(HelloAuthenticationError::GetUserError)?;

this:

let user_name = "me";

[derkoe]

BTW this is the the for sudo:

$ cat /usr/etc/pam.d/sudo

#%PAM-1.0
auth       sufficient pam_wsl_hello.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  optional       pam_keyinit.so revoke
session  include        common-session
# session  optional       pam_xauth.so

You can add the same first line to sudo-i and su files as well.

[Cu3PO42]

I assume this is because openSUSE by default configures sudo to ask for the root password, rather than the password of your user. You can adjust this in your sudoers file by commenting out the following lines:

Defaults targetpw   # ask for the password of the target user i.e. root
ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

You will also need to uncomment the line

# %wheel ALL=(ALL) NOPASSWD: ALL

and add your user to the wheel group. Otherwise you will not be able to sudo anymore. I recommend not messing with the su configuration at the same time so you don't lock yourself out.

[derkoe]

Thx @Cu3PO42 - this worked.

So the short version for openSUSE is:

1. Add your user to the wheel group (and also create the wheel group if not exists)
2. Comment the two lines in /etc/sudoers

   Defaults targetpw   # ask for the password of the target user i.e. root
   ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
   

   and remove the comment from this line:

   # %wheel ALL=(ALL) NOPASSWD: ALL
   

3. Run the install.sh script as described in the README.md
4. When asked for the "PAM module's directory" dir enter /usr/lib64/security/
5. Insert the following line on top of /usr/etc/pam.d/sudo and /usr/etc/pam.d/sudo-i

   auth       sufficient pam_wsl_hello.so
   

[wzf03]

Thx @Cu3PO42 - this worked.

So the short version for openSUSE is:

1. Add your user to the wheel group (and also create the wheel group if not exists)

2. Comment the two lines in `/etc/sudoers`
   ```
   Defaults targetpw   # ask for the password of the target user i.e. root
   ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
   ```
   
   
       
         
       
   
         
       
   
       
     
   and remove the comment from this line:
   ```
   # %wheel ALL=(ALL) NOPASSWD: ALL
   ```

3. Run the install.sh script as described in the [README.md](https://github.com/nullpo-head/WSL-Hello-sudo#installation-and-configuration)

4. When asked for the "PAM module's directory" dir enter `/usr/lib64/security/`

5. Insert the following line on top of /usr/etc/pam.d/sudo and /usr/etc/pam.d/sudo-i
   ```
   auth       sufficient pam_wsl_hello.so
   ```

And th /usr/etc/pam.d/ has been moved to /usr/lib/pam.d now.