X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b694b711c69fdfd46b6732a6d6c67e37951dab39..c9ba0f292c708d30a182343fec460aa5c48b4af3:/lib/pam/pam_arvados.go

diff --git a/lib/pam/pam_arvados.go b/lib/pam/pam_arvados.go
index e9070599c8..ee967af6cc 100644
--- a/lib/pam/pam_arvados.go
+++ b/lib/pam/pam_arvados.go
@@ -24,6 +24,7 @@ package main
 import (
 	"io/ioutil"
 	"log/syslog"
+	"os"
 
 	"context"
 	"errors"
@@ -101,11 +102,19 @@ func authenticate(logger *logrus.Logger, username, token string, argv []string)
 		} else if arg == "debug" {
 			logger.SetLevel(logrus.DebugLevel)
 		} else {
-			logger.Warnf("unkown option: %s\n", arg)
+			logger.Warnf("unknown option: %s\n", arg)
 		}
 	}
+	if hostname == "" || hostname == "-" {
+		h, err := os.Hostname()
+		if err != nil {
+			logger.WithError(err).Warnf("cannot get hostname -- try using an explicit hostname in pam config")
+			return fmt.Errorf("cannot get hostname: %w", err)
+		}
+		hostname = h
+	}
 	logger.Debugf("username=%q arvados_api_host=%q hostname=%q insecure=%t", username, apiHost, hostname, insecure)
-	if apiHost == "" || hostname == "" {
+	if apiHost == "" {
 		logger.Warnf("cannot authenticate: config error: arvados_api_host and hostname must be non-empty")
 		return errors.New("config error")
 	}
@@ -128,7 +137,11 @@ func authenticate(logger *logrus.Logger, username, token string, argv []string)
 		return err
 	}
 	if len(vms.Items) == 0 {
-		return fmt.Errorf("no results for hostname %q", hostname)
+		// It's possible there is no VM entry for the
+		// configured hostname, but typically this just means
+		// the user does not have permission to see (let alone
+		// log in to) this VM.
+		return errors.New("permission denied")
 	} else if len(vms.Items) > 1 {
 		return fmt.Errorf("multiple results for hostname %q", hostname)
 	} else if vms.Items[0].Hostname != hostname {