forked from pool/systemd
77c37392a4
That way "systemd --user" instances get their own session keyring instead of the user default session keyring. For some reasons cifscreds refuses to work with the latter. That's what is expected for every PAM session anyway. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1365
26 lines
979 B
Plaintext
26 lines
979 B
Plaintext
# This file is part of systemd.
|
|
#
|
|
# Used by systemd --user instances.
|
|
|
|
# Override the default behavior of the "auth" PAM stack and don't throw a
|
|
# warning each time a user instance is started, which is the default behavior of
|
|
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
|
|
# the user instance is about to be started to allow some user services, such as
|
|
# gnome-terminal, to extend theirs credentials similar to the ones received by a
|
|
# user when he logs in (and the full PAM authentication stack is run). For some
|
|
# details, see:
|
|
#
|
|
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
|
|
# https://github.com/systemd/systemd/issues/11198
|
|
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
|
|
#
|
|
auth required pam_deny.so
|
|
|
|
account include common-account
|
|
|
|
session required pam_selinux.so close
|
|
session required pam_selinux.so nottys open
|
|
session required pam_loginuid.so
|
|
session optional pam_keyinit.so force revoke
|
|
session include common-session
|