systemd

rpms/systemd

Fork 0

Commit Graph

Author	SHA1	Message	Date
David Tardon	4ab2887d57	pam: do not require a non-expired password for user@.service Without this parameter, we would allow user@ to start if the user has no password (i.e. the password is "locked"). But when the user does have a password, and it is marked as expired, we would refuse to start the service. There are other authentication mechanisms and we should not tie this service to the password state. The documented way to disable an account is to call 'chage -E0'. With a disabled account, user@.service will still refuse to start: systemd[16598]: PAM failed: User account has expired systemd[16598]: PAM failed: User account has expired systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation n ot permitted systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM systemd[1]: user@1005.service: Failed with result 'exit-code'. systemd[1]: Failed to start user@1005.service. systemd[1]: Stopping user-runtime-dir@1005.service... RHEL-only Resolves: #2059553	2022-04-20 10:19:51 +02:00
Troy Dawson	6c3148f502	RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/systemd#14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d	2020-10-15 10:17:11 -07:00

Author

SHA1

Message

Date

David Tardon

4ab2887d57

pam: do not require a non-expired password for user@.service

Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.

The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:

systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation n  ot permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...

RHEL-only

Resolves: #2059553

2022-04-20 10:19:51 +02:00

Troy Dawson

6c3148f502

RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/systemd#14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d

2020-10-15 10:17:11 -07:00

2 Commits