Bugzilla – Bug 1199804
pam-config: backport the support of pam_systemd_home from TW to Leap 15.4
Last modified: 2022-09-21 09:39:02 UTC
While systemd-homed ist packaged in systemd-experimental, the pam-config for it are missing in Leap 15.4. Is it still possible to port them back?
Are you asking for integrating pam_systemd_home in /etc/pam.d/common-* pam config files ?
If so I'm not sure we should do that as long as systemd-homed is part of the systemd experimental stuff.
A description of how to integrate this pam module is given in pam_systemd_home(8) man page BTW.
Josef, Thorsten, what do you think ?
Do you think we should add such support in `pam-config --add` or is it still too early ?
(In reply to Franck Bui from comment #2)
> Josef, Thorsten, what do you think ?
> Do you think we should add such support in `pam-config --add` or is it still
> too early ?
I fully agree with your statement in comment #1: as long as it's experimental, we should keep it out of pam-config.
(In reply to Franck Bui from comment #1)
> A description of how to integrate this pam module is given in
> pam_systemd_home(8) man page BTW.
And as usual for a PAM module coming with systemd, all important information are missing and the example is crap, this example will never work and in worst case I think it's possible to login without providing a password...
E.g. if you look at the auth section, if you provide the correct password, pam_systemd_home is not called and if you provide a wrong password, pam_systemd_home does login the user. Maybe the module is doing it's own authentication stuff, but if, it's not mentioned in the manual page. And you can continue this way with the example...
But it looks like this module can always be called, so somebody just need to figure out the correct dependencies to other modules and how to call it correctly, write support for pam-config and create a pull request on github for it.
I cannot comment on the technical arguments. But I would like to consider that systemd-homed is included in pam-config in Tumbleweed.
So, I missed the fact that support for pam_systemd_home has already been added by Ludwig last year and is available in TW, see: https://github.com/SUSE/pam-config/commit/1096078d67531e7cf94112d8ab312dc08d8f5907.
Therefore I (finally) understood that this bug is a request to backport this support (in pam-config) to Leap 15.4.
Hence reassigning to Thorsten.