all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH access-control] change PAM service name
@ 2020-11-20 10:05 Wolfgang Bumiller
  2020-11-20 13:53 ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Wolfgang Bumiller @ 2020-11-20 10:05 UTC (permalink / raw)
  To: pve-devel

Instead of 'common-auth' use 'proxmox-ve-auth', this way
users can override PAM authentication settings via
`/etc/pam.d/proxmox-ve-auth`.

If the file does not exist, pam will use `/etc/pam.d/other`
which by default behaves like `common-auth`.

Note that this *can* be different from directly using
`common-auth` *if* a user has actually modified
`/etc/pam.d/other` for some reason.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 PVE/Auth/PAM.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/Auth/PAM.pm b/PVE/Auth/PAM.pm
index 42feba8..d016f83 100755
--- a/PVE/Auth/PAM.pm
+++ b/PVE/Auth/PAM.pm
@@ -27,7 +27,7 @@ sub authenticate_user {
     # user (www-data) need to be able to read /etc/passwd /etc/shadow
     die "no password\n" if !$password;
 
-    my $pamh = new Authen::PAM('common-auth', $username, sub {
+    my $pamh = new Authen::PAM('proxmox-ve-auth', $username, sub {
 	my @res;
 	while(@_) {
 	    my $msg_type = shift;
-- 
2.20.1





^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-20 13:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-20 10:05 [pve-devel] [PATCH access-control] change PAM service name Wolfgang Bumiller
2020-11-20 13:53 ` [pve-devel] applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal