Lennart Poettering
Lennart Poettering
I am fine with using a different, explicit PAM stack for this btw. The problem with that is that we need it installed on the target machine, and that means...
hmm, it would be kinda nice if pam would allow us to try a couple of PAM service names in turn. Then we could introduce a new PAM service for...
*[Canned reply follows]* This is the upstream bug and feature request tracker of systemd. Please use this only for issues in the two most current upstream systemd versions. See this...
please provide debug logs. Is this a cgroupv2 system? What does "loginctl" say when this happens, and what "loginctl session-status" on such a session?
So why does that sshd-session process stick around when it got denies a PAM session? logind appears to work correctly: we keep track of the session as long as it...
> sshd-session process stick around because according to openssh code [1] , if it got denied a session, sshd-session would still get created except with no capability whatsoever. They considered...
ok, took me a while. But i think this makes sense to me. Merging.
I figure this is OK, but I am not sold on the naming of the concept just yet. My current favourite for the job mode is "lenient" (or maybe "passive"?)....
Hmm, I am a bit puzzled about your choice to add this as side-effect of ProtectVersion=. So I presume you are looking into the scenario if you allow UKIs and...