[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#677440: Please enable pam_loginuid by default



tag 677440 + patch
thanks

Hi,

Please apply the attached patch.

I've reordered the common-session include at the end, as some modules
(pam_ck_connector, pam_systemd,...) added by the pam-auth-update
mechanism need to be included after pam_loginuid call. Moreover, other
pam services are also adding this common-session at the end of the
stack.

Cheers

Laurent Bigonville
diff -Nru openssh-6.0p1/debian/openssh-server.sshd.pam openssh-6.0p1/debian/openssh-server.sshd.pam
--- openssh-6.0p1/debian/openssh-server.sshd.pam	2012-05-22 01:19:22.000000000 +0200
+++ openssh-6.0p1/debian/openssh-server.sshd.pam	2012-06-28 22:09:31.000000000 +0200
@@ -20,9 +20,6 @@
 # Standard Un*x authorization.
 @include common-account
 
-# Standard Un*x session setup and teardown.
-@include common-session
-
 # Print the message of the day upon successful login.
 # This includes a dynamically generated part from /run/motd.dynamic
 # and a static (admin-editable) part from /etc/motd.
@@ -35,6 +32,12 @@
 # Set up user limits from /etc/security/limits.conf.
 session    required     pam_limits.so
 
+# Sets the loginuid process attribute
+session    required     pam_loginuid.so
+
+# Standard Un*x session setup and teardown.
+@include common-session
+
 # Set up SELinux capabilities (need modified pam)
 # session  required     pam_selinux.so multiple
 

Reply to: