[pve-devel] [PATCH access-control] change PAM service name

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Nov 20 11:05:34 CET 2020


Instead of 'common-auth' use 'proxmox-ve-auth', this way
users can override PAM authentication settings via
`/etc/pam.d/proxmox-ve-auth`.

If the file does not exist, pam will use `/etc/pam.d/other`
which by default behaves like `common-auth`.

Note that this *can* be different from directly using
`common-auth` *if* a user has actually modified
`/etc/pam.d/other` for some reason.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 PVE/Auth/PAM.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/Auth/PAM.pm b/PVE/Auth/PAM.pm
index 42feba8..d016f83 100755
--- a/PVE/Auth/PAM.pm
+++ b/PVE/Auth/PAM.pm
@@ -27,7 +27,7 @@ sub authenticate_user {
     # user (www-data) need to be able to read /etc/passwd /etc/shadow
     die "no password\n" if !$password;
 
-    my $pamh = new Authen::PAM('common-auth', $username, sub {
+    my $pamh = new Authen::PAM('proxmox-ve-auth', $username, sub {
 	my @res;
 	while(@_) {
 	    my $msg_type = shift;
-- 
2.20.1






More information about the pve-devel mailing list