From e6b7b0ce4136d5f670839c18331012ae7bbb2f6c Mon Sep 17 00:00:00 2001 From: Samuli Suominen Date: Fri, 14 Mar 2014 14:58:46 +0200 Subject: [PATCH] Add quiet parameter to pam_mail.so, see Gentoo bug #473678. Move pam_env.so last on the stack as per pam_env.so manpage since PAM envs can affect other modules unwantedly, and this way its possible to set $XDG_RUNTIME_DIR in pam_env.conf. Move pam_systemd.so back to system-login where is should be together with pam_ck_connector.so; multiple per package pam files include system-auth, but not system-login, so this will reduce overhead. Futhermore, ArchLinux is using our old copy of pambase and is including these same solutions, so this commit would make our pambase in line with their version, and they could again merge back our latest pambase. The systemd-user pam file that is installed from sys-apps/systemd should be fixed to use system-login instead of system-auth for pambase in Gentoo, like it is done in ArchLinux. --- system-auth.in | 11 ++++------- system-login.in | 13 ++++++++----- system-services.in | 3 +++ system-session.inc | 3 --- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/system-auth.in b/system-auth.in index 43df701..3a2cefb 100644 --- a/system-auth.in +++ b/system-auth.in @@ -1,6 +1,3 @@ -#if HAVE_ENV -auth required pam_env.so DEBUG -#endif #if HAVE_PAM_SSH auth sufficient pam_ssh.so #endif @@ -10,6 +7,9 @@ auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS auth required pam_unix.so try_first_pass LIKEAUTH nullok DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ auth optional pam_permit.so +#if HAVE_ENV +auth required pam_env.so DEBUG +#endif #if HAVE_KRB5 account KRB5_CONTROL pam_krb5.so KRB5_PARAMS @@ -34,8 +34,5 @@ password optional pam_permit.so #if HAVE_PAM_SSH session optional pam_ssh.so #endif -#include "system-session.inc" -#if HAVE_SYSTEMD --session optional pam_systemd.so -#endif +#include "system-session.inc" diff --git a/system-login.in b/system-login.in index 11ac032..148cba7 100644 --- a/system-login.in +++ b/system-login.in @@ -37,9 +37,6 @@ session optional pam_loginuid.so #if HAVE_SELINUX session required pam_selinux.so close #endif -#if HAVE_ENV -session required pam_env.so DEBUG -#endif #if HAVE_LASTLOG session optional pam_lastlog.so silent DEBUG #endif @@ -47,6 +44,9 @@ session include system-auth #if HAVE_CONSOLEKIT session optional pam_ck_connector.so nox11 #endif +#if HAVE_SYSTEMD +-session optional pam_systemd.so +#endif #if HAVE_GNOME_KEYRING session optional pam_gnome_keyring.so auto_start #endif @@ -57,6 +57,9 @@ session required pam_selinux.so multiple open session optional pam_motd.so motd=/etc/motd #endif #if HAVE_MAIL -session optional pam_mail.so +session optional pam_mail.so quiet +#endif + +#if HAVE_ENV +session required pam_env.so DEBUG #endif - diff --git a/system-services.in b/system-services.in index 989267f..47f4561 100644 --- a/system-services.in +++ b/system-services.in @@ -6,3 +6,6 @@ account include system-auth session optional pam_loginuid.so #endif #include "system-session.inc" +#if HAVE_ENV +session required pam_env.so DEBUG +#endif diff --git a/system-session.inc b/system-session.inc index 2ba6964..4b042c3 100644 --- a/system-session.inc +++ b/system-session.inc @@ -1,9 +1,6 @@ #if HAVE_LIMITS session required pam_limits.so DEBUG #endif -#if HAVE_ENV -session required pam_env.so DEBUG -#endif #if HAVE_MKTEMP session optional pam_mktemp.so #endif -- 1.9.0