
main/linux-pam: simplify rules

donoban requested to merge donoban/aports:pam-simplified into master

Well, this is a first draft of a basic simplification. Base-X files only have rules related to the X type module. I removed most args like "nullok_secure" (it does nothing according to source code) and others that I don't find strictly necessary. "successok" on pam_nologin.so just changes "PAM_IGNORE" to "PAM_SUCCESS", irrelevant if it's not on a 'sufficient' rule.

I removed "pam_env.so" calls since they use "/etc/security/pam_env.conf".

I think that for the 'other' file, which acts as the default rule file, it is better to just log&deny everything.

Note that with this current setup, a user logged in via local TTY won't have XDG vars, elogind, pam_rundir... so it could break some working desktops. The question is what to consider an "interactive" and a "non-interactive" session.

Edited by donoban
