author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-11 14:31:14 -0400
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-11 15:35:06 -0400
commit 5c390a4ae0d383b2003074ed011d47876c7e630c
tree 26e32d558024e07feab46f28dcf759f0c15baccc /src/login
parent 7b617155b50fdaad5d06359eb03e98f0c7b3087b
Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses PAM with service name 'systemd-user' to perform account and session management tasks. Previously, the name was 'systemd-shared', it is now changed to 'systemd-user'.

Most PAM installations use one common setup for different callers. Based on a quick poll, distributions fall into two camps: those that have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia, Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).

Distributions that have system-auth have just one configuration file that contains auth, password, account, and session blocks, and distributions that have common-auth also have common-session, common-password, and common-account. It is thus impossible to use one configuration file which would work for everybody. systemd-user now refers to system-auth, because it seems that the approach with one file is more popular and also easier, so let's follow that.
Diffstat (limited to 'src/login')
-rw-r--r-- src/login/pam-module.c 4
-rw-r--r-- src/login/systemd-user 8
2 files changed, 10 insertions, 2 deletions
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 8c5b3a10f3..49296b5d63 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -220,11 +220,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
/* Make sure we don't enter a loop by talking to
* systemd-logind when it is actually waiting for the
* background to finish start-up. If the service is
- * "systemd-shared" we simply set XDG_RUNTIME_DIR and
+ * "systemd-user" we simply set XDG_RUNTIME_DIR and
* leave. */
pam_get_item(handle, PAM_SERVICE, (const void**) &service);
- if (streq_ptr(service, "systemd-shared")) {
+ if (streq_ptr(service, "systemd-user")) {
char *p, *rt = NULL;
if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
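Review bot: The comparison `streq_ptr(service, "systemd-user")` replaces the old name outright, so a caller that still presents the service name "systemd-shared" no longer takes the early-return path and goes on to talk to systemd-logind, which is the loop the comment just above warns about. The literal also has to stay identical to the file name of the new src/login/systemd-user PAM configuration and to the service name user@.service hands to PAM, yet nothing in this hunk ties the three together. Consider defining the name once as a constant and documenting the rename for anyone carrying a local systemd-shared PAM file.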
diff --git a/src/login/systemd-user b/src/login/systemd-user
new file mode 100644
index 0000000000..7b57dbf784
--- /dev/null
+++ b/src/login/systemd-user
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+# Used by systemd when launching systemd user instances.
+
+account include system-auth
+session include system-auth
+auth required pam_deny.so
+password required pam_deny.so
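Review bot: The lines `account include system-auth` and `session include system-auth` assume a system-auth file exists, and the file carries no note for distributions that ship common-account and common-session instead; its only comment says who uses it. Suggest adding a comment stating that these two lines must be adapted on common-* layouts, since the commit message acknowledges one file cannot work for everybody. `auth required pam_deny.so` and `password required pam_deny.so` are a sound deny-by-default for a service that only needs account and session handling; a one-line comment saying so would keep a later edit from replacing them with an include.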