1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-11 05:17:44 +03:00
Commit Graph

12 Commits

Author SHA1 Message Date
Lennart Poettering
38ccb55731 nss-mymachines: drop support for UID/GID resolving
Now that we make the user/group name resolving available via userdb and
thus nss-systemd, we do not need the UID/GID resolving support in
nss-mymachines anymore. Let's drop it hence.

We keep the module around, since besides UID/GID resolving it also does
hostname resolving, which we care about. (One of those days we should
replace that by some Varlink logic between
nss-resolve/systemd-resolved.service too)

The hooks are kept in the NSS module, but they do not resolve anything
anymore, in order to keep compat at a maximum.
2020-07-14 17:08:12 +02:00
Lennart Poettering
26cf9fb7f8 home: add pam_systemd_home.so PAM hookup
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:41 +01:00
Lennart Poettering
1684c56f40 nss: hook up nss-systemd with userdb varlink bits
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.

(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).

Fixes: #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering
062666c7c4 factory: add default /etc/issue file
Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
2019-07-24 08:57:23 +09:00
Lennart Poettering
4c92bf408d factory: include pam_keyinit.so in PAM factory configuration
We use the keyring, so let's make sure it gets properly initialized for
sessions in factory reset mode.
2019-07-13 11:06:24 +02:00
Lennart Poettering
29d30ae7b6 factory: add comment to PAM file, explaining that the defaults are not useful 2019-07-13 11:06:24 +02:00
Lennart Poettering
ed40cb82f7 factory: tighten PAM configuration
Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found might either succeed/fail,
depending on the system.

Let's lock this down explicitly, by hooking in pam_deny.so.

Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.

Fixes: #12950
2019-07-13 11:06:24 +02:00
Zbigniew Jędrzejewski-Szmek
94f760ec9d man,factory: update factory config for nsswitch.conf to match the man pages
Also add a note in the man pages to remind people to adjust the factory config
and other man pages at the same time.
2018-11-27 22:35:02 +01:00
Kay Sievers
c009072ec5 factory: remove broken pam_limits
Stupid PAM, please just go away!

login[26]: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
login[26]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login[26]: Error in service module
2014-07-30 15:21:54 +02:00
Kay Sievers
32767cb1e8 login: update systemd-user PAM configuration file 2014-07-29 13:20:20 +02:00
Kay Sievers
ccc6fa0d6b factory: nss - add generic config 2014-07-27 14:53:21 +02:00
Kay Sievers
e5168066e7 factory: PAM - add generic fallback config
Single PAM fallback config file to be used in /etc to allow
bootstrapping of a system with an empty /etc.
2014-07-27 14:34:19 +02:00