Bug 1199804 - pam-config: backport the support of pam_systemd_home from TW to Leap 15.4
pam-config: backport the support of pam_systemd_home from TW to Leap 15.4
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Leap 15.4
Other openSUSE Leap 15.4
: P5 - None : Normal (vote)
: ---
Assigned To: Thorsten Kukuk
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-05-23 05:45 UTC by Cruiz
Modified: 2022-09-21 09:39 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Cruiz 2022-05-23 05:45:56 UTC
While systemd-homed ist packaged in systemd-experimental, the pam-config for it are missing in Leap 15.4. Is it still possible to port them back?
Comment 1 Franck Bui 2022-05-31 07:24:27 UTC
Are you asking for integrating pam_systemd_home in /etc/pam.d/common-* pam config files ?

If so I'm not sure we should do that as long as systemd-homed is part of the systemd experimental stuff.

A description of how to integrate this pam module is given in pam_systemd_home(8) man page BTW.
Comment 2 Franck Bui 2022-05-31 07:26:31 UTC
Josef, Thorsten, what do you think ?

Do you think we should add such support in `pam-config --add` or is it still too early ?
Comment 3 Josef Möllers 2022-05-31 08:15:03 UTC
(In reply to Franck Bui from comment #2)
> Josef, Thorsten, what do you think ?
> 
> Do you think we should add such support in `pam-config --add` or is it still
> too early ?

I fully agree with your statement in comment #1: as long as it's experimental, we should keep it out of pam-config.
Comment 4 Thorsten Kukuk 2022-05-31 10:44:11 UTC
(In reply to Franck Bui from comment #1)

> A description of how to integrate this pam module is given in
> pam_systemd_home(8) man page BTW.

And as usual for a PAM module coming with systemd, all important information are missing and the example is crap, this example will never work and in worst case I think it's possible to login without providing a password...
E.g. if you look at the auth section, if you provide the correct password, pam_systemd_home is not called and if you provide a wrong password, pam_systemd_home does login the user. Maybe the module is doing it's own authentication stuff, but if, it's not mentioned in the manual page. And you can continue this way with the example...

But it looks like this module can always be called, so somebody just need to figure out the correct dependencies to other modules and how to call it correctly, write support for pam-config and create a pull request on github for it.
Comment 5 Cruiz 2022-05-31 11:41:37 UTC
I cannot comment on the technical arguments. But I would like to consider that systemd-homed is included in pam-config in Tumbleweed.
Comment 6 Franck Bui 2022-09-21 09:35:38 UTC
So, I missed the fact that support for pam_systemd_home has already been added by Ludwig last year and is available in TW, see: https://github.com/SUSE/pam-config/commit/1096078d67531e7cf94112d8ab312dc08d8f5907.

Therefore I (finally) understood that this bug is a request to backport this support (in pam-config) to Leap 15.4.

Hence reassigning to Thorsten.