-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add pam_systemd.so to system-auth-ac #207
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @avanier Great addition, I left a comment for a small attribute name improvement
@@ -35,5 +35,8 @@ password required pam_deny.so | |||
|
|||
session optional pam_keyinit.so revoke | |||
session required pam_limits.so | |||
<% if node['os-hardening']['desktop']['enable'] && node['platform'] == 'fedora' %> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would like to reuse the same naming pattern as above:
node['os-hardening']['auth']['pam']['pam_systemd']['enable']
@chris-rock This should work, but for some reason I'm unable to converge the kitchens now. |
Alright, got my kitchen to converge. No explosions. |
@chris-rock Bump, if I may. |
attributes/default.rb
Outdated
@@ -79,6 +79,7 @@ | |||
default['os-hardening']['auth']['pam']['tally2']['template_cookbook'] = 'os-hardening' | |||
default['os-hardening']['auth']['pam']['passwdqc']['template_cookbook'] = 'os-hardening' | |||
default['os-hardening']['auth']['pam']['system-auth']['template_cookbook'] = 'os-hardening' | |||
default['os-hardening']['auth']['pam']['pam_systemd']['enable'] = node['os-hardening']['desktop']['enable'] && node['platform'] == 'fedora' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -35,5 +35,8 @@ password required pam_deny.so | |||
|
|||
session optional pam_keyinit.so revoke | |||
session required pam_limits.so | |||
<% if node['os-hardening']['auth']['pam']['pam_systemd']['enable'] %> | |||
-session optional pam_systemd.so |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can remove the leading -
@artem-sidorenko Rebased on upstream master, and requested changes are applied. 🤘 |
@avanier thank you! |
Fixes #206.
Allows Gnome Display Manager to start properly under Fedora 27.