Bug#739676: systemd-user PAM config breaks some libpam-* modules
Christian Kastner
debian at kvr.at
Sun Dec 28 20:55:47 GMT 2014
On 2014-12-28 18:29, Christian Kastner wrote:
> Changing systemd-user's PAM config to use common-session-noninteractive
> resolves the above issue (and actually another, yet unreported, one in
> libpam-mount).
>
> Please consider including the attached patch against git master if you
> think it is safe to do so.
OK, so I found one negative side effect of my proposed change: switching
to "common-session-noninteractive" alone causes systemd to log the
following message to syslog:
Trying to run as a user instance, but $XDG_RUNTIME_DIR is not set.
I assume that this is because common-session also includes
pam_systemd.so, whereas -noninteractive does not, so switching to the
latter drops it from systemd-user's config.
I see two possible easy solutions for this:
1. Move pam_systemd.so to -noninteractive, by dropping
"Session-Interactive-Only: yes" from systemd's
/usr/share/pam-config/systemd.
I think this is the worst solution, as this would affect all
PAM configurations, not just systemd-user's.
2. Re-add pam_systemd.so to systemd-user's config.
The attached, updated patch implements 2. I tested it locally, and all
issues raised so far were resolved.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Use-common-session-noninteractive-in-systemd-user-PAM.patch
Type: text/x-patch
Size: 1819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20141228/9d7b44d2/attachment.bin>
More information about the Pkg-systemd-maintainers
mailing list