2017-06-07 12:48:51 +02:00
|
|
|
# This file is part of systemd.
|
|
|
|
#
|
|
|
|
# Used by systemd --user instances.
|
|
|
|
|
2022-01-04 09:30:42 +01:00
|
|
|
# Override the default behavior of the "auth" PAM stack and don't throw a
|
|
|
|
# warning each time a user instance is started, which is the default behavior of
|
|
|
|
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
|
|
|
|
# the user instance is about to be started to allow some user services, such as
|
|
|
|
# gnome-terminal, to extend theirs credentials similar to the ones received by a
|
|
|
|
# user when he logs in (and the full PAM authentication stack is run). For some
|
|
|
|
# details, see:
|
2021-10-08 10:31:22 +02:00
|
|
|
#
|
2022-01-04 09:30:42 +01:00
|
|
|
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
|
|
|
|
# https://github.com/systemd/systemd/issues/11198
|
|
|
|
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
|
2021-10-08 10:31:22 +02:00
|
|
|
#
|
2022-01-04 09:30:42 +01:00
|
|
|
auth required pam_deny.so
|
2021-10-06 10:03:55 +02:00
|
|
|
|
|
|
|
account include common-account
|
2017-06-07 12:48:51 +02:00
|
|
|
|
|
|
|
session required pam_selinux.so close
|
|
|
|
session required pam_selinux.so nottys open
|
2022-04-29 17:36:28 +02:00
|
|
|
session required pam_loginuid.so
|
2023-03-31 15:08:07 +02:00
|
|
|
session optional pam_keyinit.so force revoke
|
2021-10-06 10:03:55 +02:00
|
|
|
session include common-session
|