On 1/10/22 10:50 AM, Martin wrote:
Am Montag, 10. Januar 2022, 10:21:04 CET schrieb Martin: > Am Sonntag, 9. Januar 2022, 22:49:54 CET schrieb Martin: > > I digged a little bit deeper and the entry in the system-auth file is a > solution, but not the fedora way of configuring - al least not completely. > > My system is a very old one (about eight years) and upgraded over several > fedora versions. The pam system was originally configured by a tool called > authconfig (which changes system-auth and some other pam files). This tool > is no longer available in fedora 35 and seems to be replaced by another > tool called authselect. > > If you don't plan to use authselect changing the system-auth file is fine. > If you plan to use it, this system-auth pam file will be overwritten. The > umask part will work nevertheless, as authselect uses the pam file > postlogin for the pam_umask.so part (you have to configure UMASK in > /etc/login.defs for using the default pam_umask module). > > try "authselect test sssd" and check the output to see which files will be > changed/replaced with which content. I am currently investigation these > changes and will test if this fits my needs. If yes, i have a clean system > and can update my pam system without any hassle. Another reply to myself :-) I went the standard authselect path and umask was still set to 022 :-(. So I tried several changes in the pam files. Adding pam_umaks to system-auth works, but all changes in postlogin did not. so I checked which pam.d files includes system-auth an does not include postlogin and bingo - systemd-user is the important pam.d file. adding "session include postlogin" right after the line "session include system-auth" did the trick. Now my systems are running as I want and use standard authselect sssd profiles. To my point of view this is a "bug" in the systemd-user pam.d file, this should include the postlogin stuff as well. Regards Martin > > Regards > Martin > > > Regards > > Martin > > > > > Please file a bug upstream at bugs.kde.org. Upstream KDE developers > > > look there for these things and will be able to do something about the > > > problem. > > > > > > > > > > > > > > > -- > > > 真実はいつも一つ!/ Always, there's only one truth!
Will you file a bug report? When investigating this issue I found that it wasn't only Fedora with this problem. I'd file the bug but I don't know enough about pam, especially as described above :-) Emmett _______________________________________________ kde mailing list -- kde@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kde-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kde@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
