I was not aware of `PAMName`. After reading its documentation, it's still not clear to me what it does and how it can be used. What's a PAM session? Do you have any references? Google search wasn't very helpful. AFAIK from the PAM documentation, session is not an entity, for example, it has no identifier. Is it a session stored in logind?<br><br>I would also like to know how systemd is supposed to handle authentication programs that can start a process for any user, not the one in the systemd unit file. I posted just a minimal example.<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div class="quote" style="line-height: 1.5"><br><br>-------- Original Message --------<br>Subject: Re: [systemd-devel] User authentication service isn't killed fully<br>From: Mantas Mikulėnas <grawity@gmail.com><br>To: beroal <me@beroal.in.ua><br>CC: systemd-devel@lists.freedesktop.org<br><br><br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">On Sun, Dec 26, 2021 at 3:03 PM beroal <<a href="mailto:me@beroal.in.ua">me@beroal.in.ua</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi. I have an autologin program which authenticates a user without asking for a password and starts a child process executing a user shell (for example, Bash, Xorg, or a Wayland compositor).<br>
<br>
This program is a systemd service. I discovered that systemd kills the autologin program, but does not kill the child of the autologin program. As I understand from the systemd documentation, systemd should kill both.<br></blockquote><div><br></div><div>Systemd doesn't kill <i>child</i> processes when stopping a service – it only kills processes found in the service's cgroup. As pam_systemd has intentionally moved your processes to a separate per-session .slice cgroup, they're no longer tied to the original .service's lifetime.</div><div><br></div><div>(I'm not very familiar with Wayland's requirements, but does your autologin program do anything specific that the built-in [Service] PAMName= wouldn't do anyway?)</div><div><br></div></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Mantas Mikulėnas</div></div></div>
</blockquote></me@beroal.in.ua></grawity@gmail.com></div></body></html>