2a3fc2e21f
This file changes rarely, but it does every once in a while. And since we have an independent copy, we forget to adjust it. We have already had two bugs because of this. I submitted a PR upstream to include pam_namespace (because that makes sense for all distros), so the diff between upstream and us now is just the inclusion of system-auth (which is not upstreamable). Effectively, the only difference right now is that 'pam_keyinit force revoke' is included. It was added upstream with the comment: We want that systemd --user gets its own keyring as usual, even if the barebones PAM snippet we ship upstream is used. If we don't do this we get the basic keyring systemd --system sets up for us.
32 lines
971 B
Diff
From 4e6479054ae2090b99a50d6ae954d22efc8340a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Dec 2022 22:24:53 +0100
Subject: [PATCH 4/4] fedora: use system-auth in pam systemd-user
---
src/login/systemd-user.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
index 9a665bd959..703a4b3174 100644
--- a/src/login/systemd-user.in
+++ b/src/login/systemd-user.in
@@ -7,7 +7,7 @@
-account sufficient pam_systemd_home.so
{% endif %}
account sufficient pam_unix.so no_pass_expiry
-account required pam_permit.so
+account include system-auth
{% if HAVE_SELINUX %}
session required pam_selinux.so close
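Review bot: the last account rule, `account include system-auth`, replaces an unconditional `pam_permit.so`, so the result for any account that the preceding `sufficient` modules do not accept is now decided by the distribution's system-auth file instead of always succeeding. The patch carries no description beyond its subject line; state there, or in a comment in the file, that this is intended and whether system-auth's account rules are expected to apply the expiry checks that `no_pass_expiry` on the pam_unix.so line above skips.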
@@ -19,4 +19,4 @@ session required pam_namespace.so
{% if ENABLE_HOMED %}
-session optional pam_systemd_home.so
{% endif %}
-session optional pam_systemd.so
+session include system-auth
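Review bot: the `session optional pam_systemd.so` line is removed outright, so this service now depends on system-auth pulling in pam_systemd.so, and a failure that was ignored under `optional` is now governed by whatever control values system-auth uses. Add a comment next to `session include system-auth` naming that dependency, so a system-auth without pam_systemd.so is caught in review rather than at login.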
--
2.38.1