Am Montag, 10. Januar 2022, 10:21:04 CET schrieb Martin:
> Am Sonntag, 9. Januar 2022, 22:49:54 CET schrieb Martin:
>
> I digged a little bit deeper and the entry in the system-auth file is a
> solution, but not the fedora way of configuring - al least not completely.
>
> My system is a very old one (about eight years) and upgraded over several
> fedora versions. The pam system was originally configured by a tool called
> authconfig (which changes system-auth and some other pam files). This tool
> is no longer available in fedora 35 and seems to be replaced by another
> tool called authselect.
>
> If you don't plan to use authselect changing the system-auth file is fine.
> If you plan to use it, this system-auth pam file will be overwritten. The
> umask part will work nevertheless, as authselect uses the pam file
> postlogin for the pam_umask.so part (you have to configure UMASK in
> /etc/login.defs for using the default pam_umask module).
>
> try "authselect test sssd" and check the output to see which files will be
> changed/replaced with which content. I am currently investigation these
> changes and will test if this fits my needs. If yes, i have a clean system
> and can update my pam system without any hassle.
Another reply to myself :-)
I went the standard authselect path and umask was still set to 022 :-(. So I tried several changes in the pam files. Adding pam_umaks to system-auth works, but all changes in postlogin did not.
so I checked which pam.d files includes system-auth an does not include postlogin and bingo - systemd-user is the important pam.d file. adding "session include postlogin" right after the line "session include system-auth" did the trick.
Now my systems are running as I want and use standard authselect sssd profiles. To my point of view this is a "bug" in the systemd-user pam.d file, this should include the postlogin stuff as well.
Regards
Martin
>
> Regards
> Martin
>
> > Regards
> > Martin
> >
> > > Please file a bug upstream at bugs.kde.org. Upstream KDE developers
> > > look there for these things and will be able to do something about the
> > > problem.
> > >
> > >
> > >
> > >
> > > --
> > > 真実はいつも一つ!/ Always, there's only one truth!
> > > _______________________________________________
> > > kde mailing list -- kde@xxxxxxxxxxxxxxxxxxxxxxx
> > > To unsubscribe send an email to kde-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > > Fedora Code of Conduct:
> > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> > > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> > > Archives:
> > > https://lists.fedoraproject.org/archives/list/kde@xxxxxxxxxxxxxxxxxxxxxx
> > > g
> > > Do not reply to spam on the list, report it:
> > > https://pagure.io/fedora-infrastructure
_______________________________________________ kde mailing list -- kde@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kde-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kde@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure