diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-09-11 14:31:14 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-09-11 15:35:06 -0400 |
commit | 5c390a4ae0d383b2003074ed011d47876c7e630c (patch) | |
tree | 26e32d558024e07feab46f28dcf759f0c15baccc /src/login | |
parent | 7b617155b50fdaad5d06359eb03e98f0c7b3087b (diff) |
Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
Diffstat (limited to 'src/login')
-rw-r--r-- | src/login/pam-module.c | 4 | ||||
-rw-r--r-- | src/login/systemd-user | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/login/pam-module.c b/src/login/pam-module.c index 8c5b3a10f3..49296b5d63 100644 --- a/src/login/pam-module.c +++ b/src/login/pam-module.c @@ -220,11 +220,11 @@ _public_ PAM_EXTERN int pam_sm_open_session( /* Make sure we don't enter a loop by talking to * systemd-logind when it is actually waiting for the * background to finish start-up. If the service is - * "systemd-shared" we simply set XDG_RUNTIME_DIR and + * "systemd-user" we simply set XDG_RUNTIME_DIR and * leave. */ pam_get_item(handle, PAM_SERVICE, (const void**) &service); - if (streq_ptr(service, "systemd-shared")) { + if (streq_ptr(service, "systemd-user")) { char *p, *rt = NULL; if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) { diff --git a/src/login/systemd-user b/src/login/systemd-user new file mode 100644 index 0000000000..7b57dbf784 --- /dev/null +++ b/src/login/systemd-user @@ -0,0 +1,8 @@ +#%PAM-1.0 + +# Used by systemd when launching systemd user instances. + +account include system-auth +session include system-auth +auth required pam_deny.so +password required pam_deny.so |