Skip to content

main/linux-pam: simplify rules

donoban requested to merge donoban/aports:pam-simplified into master

Well this is a first draft of a basic simplification. Base-X files only have rules related to the X type module, I removed most args like "nullok_secure" (it does nothing according to source code) and others that I don't find strictly necessary. "successok" on just changes "PAM_IGNORE" to "PAM_SUCESS", irrelevant if it's not on a 'sufficient' rule.

I removed "" calls since they use "/etc/security/pam_env.conf"

I think that for 'other' file, which acts as default rule file, is better to just log&deny everything.

Note that with this current setup, a user logged via local TTY will don't have XDG vars, elogind, pam_rundir... so it could break some working desktops. The question is what consider a "interactive" and "non-interactive" session.

Edited by donoban

Merge request reports