[pve-devel] [PATCH access-control] change PAM service name
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Nov 20 11:05:34 CET 2020
Instead of 'common-auth' use 'proxmox-ve-auth', this way
users can override PAM authentication settings via
`/etc/pam.d/proxmox-ve-auth`.
If the file does not exist, pam will use `/etc/pam.d/other`
which by default behaves like `common-auth`.
Note that this *can* be different from directly using
`common-auth` *if* a user has actually modified
`/etc/pam.d/other` for some reason.
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
PVE/Auth/PAM.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/Auth/PAM.pm b/PVE/Auth/PAM.pm
index 42feba8..d016f83 100755
--- a/PVE/Auth/PAM.pm
+++ b/PVE/Auth/PAM.pm
@@ -27,7 +27,7 @@ sub authenticate_user {
# user (www-data) need to be able to read /etc/passwd /etc/shadow
die "no password\n" if !$password;
- my $pamh = new Authen::PAM('common-auth', $username, sub {
+ my $pamh = new Authen::PAM('proxmox-ve-auth', $username, sub {
my @res;
while(@_) {
my $msg_type = shift;
--
2.20.1
More information about the pve-devel
mailing list