From 5c390a4ae0d383b2003074ed011d47876c7e630c Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek
Date: Wed, 11 Sep 2013 14:31:14 -0400
Subject: Add pam configuration to allow user sessions to work out of the box

systemd-logind will start user@.service. user@.service unit uses PAM with service name 'systemd-user' to perform account and session managment tasks. Previously, the name was 'systemd-shared', it is now changed to 'systemd-user'. Most PAM installations use one common setup for different callers. Based on a quick poll, distributions fall into two camps: those that have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia, Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE). Distributions that have system-auth have just one configuration file that contains auth, password, account, and session blocks, and distributions that have common-auth also have common-session, common-password, and common-account. It is thus impossible to use one configuration file which would work for everybody. systemd-user now refers to system-auth, because it seems that the approach with one file is more popular and also easier, so let's follow that.
---
 src/login/pam-module.c | 4 ++--
 src/login/systemd-user | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 src/login/systemd-user
(limited to 'src/login')
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 8c5b3a10f3..49296b5d63 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -220,11 +220,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 /* Make sure we don't enter a loop by talking to
 * systemd-logind when it is actually waiting for the
 * background to finish start-up. If the service is
- * "systemd-shared" we simply set XDG_RUNTIME_DIR and
+ * "systemd-user" we simply set XDG_RUNTIME_DIR and
 * leave. */
 pam_get_item(handle, PAM_SERVICE, (const void**) &service);
- if (streq_ptr(service, "systemd-shared")) {
+ if (streq_ptr(service, "systemd-user")) {
 char *p, *rt = NULL;
 if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
diff --git a/src/login/systemd-user b/src/login/systemd-user
new file mode 100644
index 0000000000..7b57dbf784
--- /dev/null
+++ b/src/login/systemd-user
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+# Used by systemd when launching systemd user instances.
+
+account include system-auth
+session include system-auth
+auth required pam_deny.so
+password required pam_deny.so
-- cgit v1.2.3-54-g00ecf
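Review bot: The `streq_ptr(service, "systemd-user")` test in the pam-module.c hunk is, going by the comment above it, the guard that stops this module from talking to systemd-logind while logind is waiting on the user instance, and it now hinges on a bare literal that has to stay identical to the new PAM file name `src/login/systemd-user` and to the service name user@.service hands to PAM (that unit is not part of this view). If those drift apart the comparison just fails and the code presumably falls through to the logind path the comment warns about, with nothing logged. I would extend the comment with `* The name must match PAMName= in user@.service and the installed PAM file.` or lift the string into one shared `#define`. The return value of `pam_get_item()` on the context line is also ignored, so the guard relies on `service` having been initialised before the hunk starts, which cannot be confirmed here; pam_sm_open_session begins and ends outside the hunk.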
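Review bot: The header comment in src/login/systemd-user does not say why `auth` and `password` are wired to `pam_deny.so`, nor that the two `include system-auth` lines only resolve on distributions that ship a system-auth file, and both are things a packager editing this file needs to see in the file itself. What libpam does with an include it cannot resolve is not visible from this patch, but it will not be a working user session, so the file should say what to substitute. I would add `# No authentication or password change goes through this service, so both stacks deny unconditionally; keep them that way.` and `# Where system-auth does not exist, replace it with the local account/session stacks (e.g. common-account, common-session).` The included session stack presumably pulls in pam_systemd.so on most setups, which is what the service-name check in pam-module.c is for, so this file must not be renamed independently of that check.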