:: [devuan-dev] bug#805: openrc: super…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: meow
Datum:  
To: Mark Hindley
CC: 805
Betreff: [devuan-dev] bug#805: openrc: supervise-daemon: missing PAM configuration
i reply to:

"
Hi,

On Sat, Nov 25, 2023 at 06:48:42AM +0000, meow wrote:

Yes, you’re right, it should be included in the configuration file.
/etc/pam.d/supervise-daemon:
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
password required pam_deny.so
session optional pam_limits.so
@include common-account
@include common-session-nointeractive
use 'common-*' incorrectly. we only need common-account and
common-session-nointetactive.


This is different to what I suggested.

I think

auth required pam_permit.so
account required pam_permit.so


Should be *replaced* by

@include common-auth
@include common-account

And

session optional pam_limits.so


should be after

@include common-session-nointetactive

That makes the whole config

#%PAM-1.0
password required pam_deny.so
@include common-account
@include common-account
@include common-session-nointeractive
session optional pam_limits.so

Is that better?

If you have improvements, please provide the reasoning as well.

Thanks

Mark "



On November 29, 2023 5:39:27 PM UTC, Mark Hindley <mark@???> wrote:
>On Wed, Nov 29, 2023 at 12:07:57AM +0000, meow wrote:
>>    No, there are nuances. for example, the PAM access module.
>>    if you turn it on, supervise-daemon stops working correctly.

>
>Please don't top post.
>
>I don't understand what you are answering here.
>
>Sorry.
>
>Mark
>