[systemd-devel] Help with pam_systemd..

Kok, Auke-jan H auke-jan.h.kok at intel.com
Sun May 27 15:23:38 PDT 2012


On Sun, May 27, 2012 at 9:23 AM, Mantas Mikulėnas <grawity at gmail.com> wrote:
> On Sat, May 26, 2012 at 8:12 PM, Kok, Auke-jan H
> <auke-jan.h.kok at intel.com> wrote:
>> On Sat, May 26, 2012 at 3:31 PM, Shawn Ferris <shawn.ferris at gmail.com> wrote:
>>> #PAM-1.0
>>> auth       required     pam_unix.so
>>> auth       required     pam_nologin.so
>>> account    required     pam_unix.so
>>> password   required     pam_unix.so
>>> session    required     pam_unix.so
>>> session    required     pam_loginuid.so
>>> -session    required     pam_systemd.so kill-session-processes=1 debug=1
>>
>> this needs to be
>>
>> session   optional   pam_systemd.so ...
>
> Changing the entry to "optional" will not fix anything, only hide the
> problems...

not really, making it optional allows your system to be usable if something
bad happens to pam_systemd.so...

pam_systemd.so currently doesn't do anything but "add more stuff" to your
shell. Without it, your shells/pam sessions are perfectly usable.

Forcing a non-0 return code from pam_systemd.so to be fatal is only going
to sit in the way.

Right now I don't think the systemd pam code is stable enough to mandate
that it all returns normal exit codes, after all, not many people are
actually using it at this time, and I just sent a patch for the PAM
stuff last week.

Auke


More information about the systemd-devel mailing list