
4 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 96249bf8d6
Merge pull request #15735 from poettering/pam-snippet-update
Slightly update our shipped and suggested PAM snippets, so that pam_systemd_home.so is more likely to just work
2020-05-06 22:45:29 +02:00
Lennart Poettering 4ad5bf7865 man: bring example PAM snippet of pam_systemd and pam_systemd_home back in sync
Let's make it the same snippet, just highlight different lines.
2020-05-06 22:30:43 +02:00
Lennart Poettering c6472bb019 man: highlight relevant lines in pam_systemd_home.so example PAM snippet
let's do this like we do in the NSS module man pages.
2020-05-06 22:30:27 +02:00
Lennart Poettering bd685faa1a login: include pam_systemd_home.so in the default PAM snippet we ship for user@.service
Let's make sure systemd-homed works out of the box as well as possible.
2020-05-06 22:30:07 +02:00
3 changed files with 28 additions and 15 deletions


@ -308,19 +308,24 @@ pam_set_data(handle, "systemd.runtime_max_sec", (void *)"3600", cleanup);
<filename>systemd-logind.service</filename>:</para> <filename>systemd-logind.service</filename>:</para>
<programlisting>#%PAM-1.0 <programlisting>#%PAM-1.0
auth sufficient pam_unix.so auth sufficient pam_unix.so
auth required pam_deny.so -auth sufficient pam_systemd_home.so
auth required pam_deny.so
account required pam_nologin.so account required pam_nologin.so
account sufficient pam_unix.so -account sufficient pam_systemd_home.so
account required pam_permit.so account sufficient pam_unix.so
account required pam_permit.so
password sufficient pam_unix.so sha512 shadow try_first_pass try_authtok -password sufficient pam_systemd_home.so
password required pam_deny.so password sufficient pam_unix.so sha512 shadow try_first_pass try_authtok
password required pam_deny.so
-session optional pam_loginuid.so -session optional pam_keyinit.so revoke
-session optional pam_systemd.so -session optional pam_loginuid.so
session required pam_unix.so</programlisting> -session optional pam_systemd_home.so
<command>-session optional pam_systemd.so</command>
session required pam_unix.so</programlisting>
</refsect1> </refsect1>
<refsect1> <refsect1>


@ -116,21 +116,21 @@
<programlisting>#%PAM-1.0 <programlisting>#%PAM-1.0
auth sufficient pam_unix.so auth sufficient pam_unix.so
-auth sufficient pam_systemd_home.so <command>-auth sufficient pam_systemd_home.so</command>
auth required pam_deny.so auth required pam_deny.so
account required pam_nologin.so account required pam_nologin.so
-account sufficient pam_systemd_home.so <command>-account sufficient pam_systemd_home.so</command>
account sufficient pam_unix.so account sufficient pam_unix.so
account required pam_permit.so account required pam_permit.so
-password sufficient pam_systemd_home.so <command>-password sufficient pam_systemd_home.so</command>
password sufficient pam_unix.so sha512 shadow try_first_pass try_authtok password sufficient pam_unix.so sha512 shadow try_first_pass try_authtok
password required pam_deny.so password required pam_deny.so
-session optional pam_keyinit.so revoke -session optional pam_keyinit.so revoke
-session optional pam_loginuid.so -session optional pam_loginuid.so
-session optional pam_systemd_home.so <command>-session optional pam_systemd_home.so</command>
-session optional pam_systemd.so -session optional pam_systemd.so
session required pam_unix.so</programlisting> session required pam_unix.so</programlisting>
</refsect1> </refsect1>


@ -2,11 +2,19 @@
# #
# Used by systemd --user instances. # Used by systemd --user instances.
account required pam_unix.so m4_ifdef(`ENABLE_HOMED',
-account sufficient pam_systemd_home.so
)m4_dnl
account sufficient pam_unix.so
account required pam_permit.so
m4_ifdef(`HAVE_SELINUX', m4_ifdef(`HAVE_SELINUX',
session required pam_selinux.so close session required pam_selinux.so close
session required pam_selinux.so nottys open session required pam_selinux.so nottys open
)m4_dnl )m4_dnl
session required pam_loginuid.so session required pam_loginuid.so
session optional pam_keyinit.so force revoke session optional pam_keyinit.so force revoke
m4_ifdef(`ENABLE_HOMED',
-session optional pam_systemd_home.so
)m4_dnl
session optional pam_systemd.so session optional pam_systemd.so
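Review bot: The new account stack, as the right-hand column reads, makes `pam_unix.so` only `sufficient` and ends in `account required pam_permit.so`, so no line in the account phase can deny any more; the old side had `account required pam_unix.so`. A failing `sufficient` module is ignored and control falls through to pam_permit, which always succeeds, so an account that pam_unix reports as expired or locked would presumably still get a `systemd --user` instance. If that fallthrough is deliberate, a comment above the account lines should say so, for example `# pam_permit fallback is intentional: account validity is enforced at login, not for the user manager`. Otherwise end the stack with a denying line such as `account required pam_deny.so`, which still lets a user accepted by pam_systemd_home.so or pam_unix.so through.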