Am 24.07.2016 um 17:47 schrieb Colin Watson: > Compromise proposal: how about I make it do nothing if libpam-systemd is > installed (e.g. "ConditionPathExists=!/usr/share/pam-configs/systemd", > which is probably the simplest available check without needing to deal > with multiarch paths), in which case presumably the hack isn't needed? > (For backports to jessie, such a check would need to be deleted, unless > you plan to backport the ordering fix as requested above.) Counter-proposal: Add libpam-systemd as recommends and ship ssh-session-cleanup.service only as an example file. Add a section to README.Debian mentioning that libpam-systemd + UsePAM yes is highly recommended (for the reasons I mentioned). If people want to opt out of this proposed default configuration, they should enable the ssh-session-cleanup.service unit by copying it to /etc/systemd/system and running systemctl enable ssh-session-cleanup.service. This is something I could be ok with, as this would only affect users which explicitly decide to use a non-default configuration. Cheers, Michael P.S: I'm curious how this was supposed to work under sysvinit? I don't see any special code which kills SSH user sessions on shutdown, am I missing something? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature