:: [devuan-dev] bug#805: openrc: super…
Top Pagina
Delete this message
Reply to this message
Auteur: meow
Datum:  
Aan: Mark Hindley
CC: 805
Onderwerp: [devuan-dev] bug#805: openrc: supervise-daemon: missing PAM configuration
No, there are nuances. for example, the PAM access module.
if you turn it on, supervise-daemon stops working correctly.

On November 26, 2023 9:07:28 AM UTC, Mark Hindley <mark@???> wrote:
>Hi,
>
>On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:
>>    Yes, you’re right, it should be included in the configuration file.
>>    /etc/pam.d/supervise-daemon:
>>    #%PAM-1.0
>>    auth            required        pam_permit.so
>>    account         required        pam_permit.so
>>    password        required        pam_deny.so
>>    session         optional        pam_limits.so
>>    @include common-account
>>    @include common-session-nointeractive
>>    use 'common-*' incorrectly. we only need common-account and
>>    common-session-nointetactive.

>
>This is different to what I suggested.
>
>I think
>
>>    auth            required        pam_permit.so
>>    account         required        pam_permit.so

>
>Should be *replaced* by
>
>@include common-auth
>@include common-account
>
>And
>
>>    session         optional        pam_limits.so

>
>should be after
>
>@include common-session-nointetactive
>
>That makes the whole config
>
>#%PAM-1.0
>password        required        pam_deny.so
>@include common-account
>@include common-account
>@include common-session-nointeractive
>session         optional        pam_limits.so

>
>Is that better?
>
>If you have improvements, please provide the reasoning as well.
>
>Thanks
>
>Mark