i reply to:
"
Hi,
On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:
Yes, you’re right, it should be included in the configuration file.
/etc/pam.d/supervise-daemon:
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
password required pam_deny.so
session optional pam_limits.so
@include common-account
@include common-session-nointeractive
use 'common-*' incorrectly. we only need common-account and
common-session-nointetactive.
This is different to what I suggested.
I think
auth required pam_permit.so
account required pam_permit.so
Should be *replaced* by
@include common-auth
@include common-account
And
session optional pam_limits.so
should be after
@include common-session-nointetactive
That makes the whole config
#%PAM-1.0
password required pam_deny.so
@include common-account
@include common-account
@include common-session-nointeractive
session optional pam_limits.so
Is that better?
If you have improvements, please provide the reasoning as well.
Thanks
Mark "
On November 29, 2023 5:39:27 PM UTC, Mark Hindley <mark@???> wrote:
>On Wed, Nov 29, 2023 at 12:07:57AM +0000, meow wrote:
>> No, there are nuances. for example, the PAM access module.
>> if you turn it on, supervise-daemon stops working correctly.
>
>Please don't top post.
>
>I don't understand what you are answering here.
>
>Sorry.
>
>Mark
>