[systemd-devel] Help with pam_systemd..
Kok, Auke-jan H
auke-jan.h.kok at intel.com
Sun May 27 15:23:38 PDT 2012
On Sun, May 27, 2012 at 9:23 AM, Mantas Mikulėnas <grawity at gmail.com> wrote:
> On Sat, May 26, 2012 at 8:12 PM, Kok, Auke-jan H
> <auke-jan.h.kok at intel.com> wrote:
>> On Sat, May 26, 2012 at 3:31 PM, Shawn Ferris <shawn.ferris at gmail.com> wrote:
>>> #PAM-1.0
>>> auth required pam_unix.so
>>> auth required pam_nologin.so
>>> account required pam_unix.so
>>> password required pam_unix.so
>>> session required pam_unix.so
>>> session required pam_loginuid.so
>>> -session required pam_systemd.so kill-session-processes=1 debug=1
>>
>> this needs to be
>>
>> session optional pam_systemd.so ...
>
> Changing the entry to "optional" will not fix anything, only hide the
> problems...
not really, making it optional allows your system to be usable if something
bad happens to pam_systemd.so...
pam_systemd.so currently doesn't do anything but "add more stuff" to your
shell. Without it, your shells/pam sessions are perfectly usable.
Forcing a non-0 return code from pam_systemd.so to be fatal is only going
to sit in the way.
Right now I don't think the systemd pam code is stable enough to mandate
that it all returns normal exit codes, after all, not many people are
actually using it at this time, and I just sent a patch for the PAM
stuff last week.
Auke
More information about the systemd-devel
mailing list