Hi, We have a "common-session" file in the /etc/pam.d directory which contains all the modules that should generally be called when establishing a session: pam_limits, pam_unix, pam_umask, pam_systemd, pam_env. We now would like to include pam_keyinit in this file but "this module should not [...] be invoked by programs like "su""! Does anyone have an idea how to include pam_keyinit everywhere but not for "su" and friends? The obvious answer would be to explicitly include it in all the other files in /etc/pam.d. Another idea would be to put "pam_keyinit" in "common-session" and then have a separate "common-session-su" (or "common-session-nokeyinit") which does not have pam_keyinit. But I'm hoping for a better solution. Thanks, Josef _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list