SHA256
1
0
forked from pool/systemd
systemd/systemd-user
Franck Bui 77c37392a4 - Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
That way "systemd --user" instances get their own session keyring instead of
  the user default session keyring. For some reasons cifscreds refuses to work
  with the latter. That's what is expected for every PAM session anyway.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1365
2023-03-31 13:08:07 +00:00

26 lines
979 B
Plaintext

# This file is part of systemd.
#
# Used by systemd --user instances.
# Override the default behavior of the "auth" PAM stack and don't throw a
# warning each time a user instance is started, which is the default behavior of
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
# the user instance is about to be started to allow some user services, such as
# gnome-terminal, to extend theirs credentials similar to the ones received by a
# user when he logs in (and the full PAM authentication stack is run). For some
# details, see:
#
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
# https://github.com/systemd/systemd/issues/11198
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
#
auth required pam_deny.so
account include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session