[pve-devel] [PATCH access-control] change PAM service name

[pve-devel] [PATCH access-control] change PAM service name

[Wolfgang Bumiller]

Instead of 'common-auth' use 'proxmox-ve-auth', this way
users can override PAM authentication settings via
`/etc/pam.d/proxmox-ve-auth`.

If the file does not exist, pam will use `/etc/pam.d/other`
which by default behaves like `common-auth`.

Note that this *can* be different from directly using
`common-auth` *if* a user has actually modified
`/etc/pam.d/other` for some reason.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 PVE/Auth/PAM.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/Auth/PAM.pm b/PVE/Auth/PAM.pm
index 42feba8..d016f83 100755
--- a/PVE/Auth/PAM.pm
+++ b/PVE/Auth/PAM.pm
@@ -27,7 +27,7 @@ sub authenticate_user {
     # user (www-data) need to be able to read /etc/passwd /etc/shadow
     die "no password\n" if !$password;
 
-    my $pamh = new Authen::PAM('common-auth', $username, sub {
+    my $pamh = new Authen::PAM('proxmox-ve-auth', $username, sub {
 	my @res;
 	while(@_) {
 	    my $msg_type = shift;
-- 
2.20.1

[pve-devel] applied: [PATCH access-control] change PAM service name

[Thomas Lamprecht]

On 20.11.20 11:05, Wolfgang Bumiller wrote:
> Instead of 'common-auth' use 'proxmox-ve-auth', this way
> users can override PAM authentication settings via
> `/etc/pam.d/proxmox-ve-auth`.
> 
> If the file does not exist, pam will use `/etc/pam.d/other`
> which by default behaves like `common-auth`.
> 
> Note that this *can* be different from directly using
> `common-auth` *if* a user has actually modified
> `/etc/pam.d/other` for some reason.
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
>  PVE/Auth/PAM.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

applied, adding "fixes #1670" to the commit subject, thanks!