Having built sys-apps/systemd[homed] and correctly edited /etc/nsswitch.conf for homed usage, `su` as a homed user emits "You are not authorized to su" regardless of wheel membership. And both `login` and `machinectl login` don't work for the homed user, emitting "no shadow password for '<homed_user>'" and "invalid password for '<homed_user>'" in journald, though sddm login works. These issues are resolved after rebuilding sys-apps/shadow with USE=pam. 'homed? ( sys-apps/shadow[pam] )' should probably be added to systemd's RDEPEND.
A dependency on sys-apps/shadow[pam] is not quite right here. The "su" command may be alternatively be provided by util-linux[su]. At some point we might add support for having the "login" command provided by util-linux as well. I don't think adding a dependency in systemd for either of these commands is appropriate. I'm more interested in the "machinectl login" failure case. Exactly what does that do and how does it fail without sys-apps/shadow[pam]?
(In reply to Mike Gilbert from comment #1) > I'm more interested in the "machinectl login" failure case. Exactly what > does that do and how does it fail without sys-apps/shadow[pam]? When logging as the homed user, it emits: > Login incorrect In the journal: > Feb 08 16:57:01 Home-PC login[1444730]: no shadow password for 'peter' on '/dev/pts/5' > Feb 08 16:57:04 Home-PC login[1444730]: invalid password for 'peter' on '/dev/pts/5' It would appear that "machinectl login" uses shadow's login, which doesn't use PAM and thus doesn't use PAM's pam_systemd_home.so module.
So it is just calling login in the container. Mixing and matching the pam use flag on different packages is weird. I don’t really want to add deps to systemd just to keep people from doing weird things.
