CentOS - Mar 2014 - How do graphical admin tools requiring root get authentication?

Hi All,

I have created a CentOS 6.5 OpenStack image using kickstart.  I have
noticed that when connecting directly to the Virtual Machine's console
(think connecting directly to the physical machine) all of the
system-config, firewall configuration, application update and install GUI
applications work fine and prompt for root login when executed.  Hoever if
I connect to the VM using xrdp with a tiger-vncserver backend the apps
either do not work, or take several minutes to prompt for the root
password.

Here is a post I made in the forums that has no response:
https://www.centos.org/forums/viewtopic.php?f=13&t=45307&sid=865afae345fe831c86661f5f264f9021

It looks like my problem may be that when I do a ck-list-sessions the
device/terminal information does not seem to be known:
 Session2:
   unix-user = '500'
   realname = '(null)'
   seat = 'Seat2'
   session-type = ''
   active = FALSE
   x11-display = ''
   x11-display-device = ''
   display-device = ''
   remote-host-name = ''
   is-local = TRUE
   on-since = '2014-03-06T17:23:07.718097Z'
   login-session-id = '4294967295'


I have tried disabling selinux, modifying the startwm.sh script included
with xrdp to launch the session with "ck-launch-session
gnome-session".

Neither seem to help.


Does anyone have any idea what might be going, or an explanation of how
authentication works when one of these apps requires root permission?

Thanks!

Sam

> Hi All,
>
> I have created a CentOS 6.5 OpenStack image using kickstart.  I have
> noticed that when connecting directly to the Virtual Machine's console
> (think connecting directly to the physical machine) all of the
> system-config, firewall configuration, application update and install GUI
> applications work fine and prompt for root login when executed.  Hoever if
> I connect to the VM using xrdp with a tiger-vncserver backend the apps
> either do not work, or take several minutes to prompt for the root
> password.
>
> Here is a post I made in the forums that has no response:
>
https://www.centos.org/forums/viewtopic.php?f=13&t=45307&sid=865afae345fe831c86661f5f264f9021
>
> It looks like my problem may be that when I do a ck-list-sessions the
> device/terminal information does not seem to be known:
>  Session2:
>    unix-user = '500'
>    realname = '(null)'
>    seat = 'Seat2'
>    session-type = ''
>    active = FALSE
>    x11-display = ''
>    x11-display-device = ''
>    display-device = ''
>    remote-host-name = ''
>    is-local = TRUE
>    on-since = '2014-03-06T17:23:07.718097Z'
>    login-session-id = '4294967295'
>
>
> I have tried disabling selinux, modifying the startwm.sh script included
> with xrdp to launch the session with "ck-launch-session
gnome-session".
>
> Neither seem to help.
>
>
> Does anyone have any idea what might be going, or an explanation of how
> authentication works when one of these apps requires root permission?
Most of the /usr/bin/system-config-* are symlinks to /usr/bin/consolehelper.

My recommendation is, instead of trying to get a graphical console, SSH
into the instance. You'll need to know/set a root password, have your SSH
client configured to forward X11 (as well as the sshd on the remote VM),
and be running an Xserver on your local system, but that way, you'll have
the graphical version coming to you, directly. Because it's running via
consolehelper, it will prompt you for the root user's password, and
you'll
be off to the races.

-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever
just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1

On 03/12/2014 03:18 PM, Samuel Winchenbach wrote:
>
> I have tried disabling selinux, modifying the startwm.sh script included
> with xrdp to launch the session with "ck-launch-session
gnome-session".
>
> Neither seem to help.
>
>
> Does anyone have any idea what might be going, or an explanation of how
> authentication works when one of these apps requires root permission?
try using beesu, I think it is in EPEL.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant