[Pkg-xfce-devel] Bug#677435: Please enable pam_loginuid by default
- Subject: [Pkg-xfce-devel] Bug#677435: Please enable pam_loginuid by default
- From: bigon at debian.org (Laurent Bigonville)
- Date: Thu, 14 Jun 2012 11:48:27 +0200
- Message-id: <[🔎] 20120614114827.27602d88@eldamar.bigon.be>
Hi,
So let's try to be more clear about this bug.
pam_loginuid is used to track user login. This module is needed
by different things: the audit daemon, consolekit and systemd (for the
later, the lack of calling this module, produces some nasty issues, like
breaking sudo).
The module must only be called in login-like services (login, xDM,...)
and not in services like sudo as this is defeating the purpose of
having a UID per login. The pam-auth-update is currently laking (see
#677288) a way to add modules to login services only.
pam_loginuid.so module is already present in the libpam-modules package
which is Priority: required which means it's installed on every system
by default.
The module need to be added in between the call to selinux close/open
and before pam_ck_connector modules (if they are already present in your
pam service file), I also recommend to add it before the
common-session(-noninteractive) include. For example:
session required pam_selinux.so close
[...]
session required pam_loginuid.so << Add it here
@include common-session
session required pam_selinux.so open
Cheers
Laurent Bigonville
Reply to: