On Monday, 10 January 2022, 10:21:04 CET, Martin wrote:
On Sunday, 9 January 2022, 22:49:54 CET, Martin wrote:
I dug a little bit deeper and the entry in the system-auth file is a
solution, but not the Fedora way of configuring - at least not completely.
My system is a very old one (about eight years) and upgraded over several
Fedora versions. The PAM system was originally configured by a tool called
authconfig (which changes system-auth and some other PAM files). This tool
is no longer available in Fedora 35 and seems to be replaced by another
tool called authselect.
If you don't plan to use authselect changing the system-auth file is fine.
If you plan to use it, this system-auth pam file will be overwritten. The
umask part will work nevertheless, as authselect uses the pam file
postlogin for the pam_umask.so part (you have to configure UMASK in
/etc/login.defs for using the default pam_umask module).
Try "authselect test sssd" and check the output to see which files will be
changed/replaced with which content. I am currently investigating these
changes and will test if this fits my needs. If yes, I have a clean system
and can update my PAM system without any hassle.
Another reply to myself :-)
I went the standard authselect path and umask was still set to 022 :-(. So I tried several
changes in the PAM files. Adding pam_umask to system-auth works, but all changes in
postlogin did not.
So I checked which pam.d files include system-auth and do not include postlogin and
bingo - systemd-user is the important pam.d file. Adding "session include
after the line "session include system-auth" did the trick.
Now my systems are running as I want and use standard authselect sssd profiles. From my
point of view this is a "bug" in the systemd-user pam.d file, this should
postlogin stuff as well.
> > Please file a bug upstream at bugs.kde.org. Upstream KDE developers
> > look there for these things and will be able to do something about the
> > problem.
> > --
> > 真実はいつも一つ！/ Always, there's only one truth!
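
The check described in the reply above (which pam.d files include system-auth but not postlogin), written out as an added example that is not part of the original e-mail. The function names and the sample service files are constructed for illustration; only direct `include`/`substack` lines in the session stack are examined.

```shell
#!/bin/sh
# Added example: list PAM service files whose session stack pulls in
# system-auth but not postlogin (direct include/substack lines only;
# nested includes are not followed).

# pam_session_pulls FILE TARGET: true if FILE has a non-comment
# "session include TARGET" or "session substack TARGET" line.
pam_session_pulls() {
    awk -v target="$2" '
        /^[ \t]*#/ { next }
        {
            t = $1; sub(/^-/, "", t)   # a leading "-" on the type is allowed by PAM
            if (t == "session" && ($2 == "include" || $2 == "substack") && $3 == target)
                found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# pam_missing_postlogin [DIR]: print the matching service names.
pam_missing_postlogin() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if pam_session_pulls "$f" system-auth && ! pam_session_pulls "$f" postlogin; then
            basename "$f"
        fi
    done
}

# Constructed sample directory (not copied from a real Fedora system).
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth       substack     system-auth' \
        'session    include      system-auth' \
        'session    include      postlogin' > "$d/login-like"
    printf '%s\n' '# constructed service file' \
        'account    include      system-auth' \
        'session    include      system-auth' \
        '#session   include      postlogin' > "$d/user-like"
    printf '%s\n' 'session    required     pam_limits.so' > "$d/other-like"
    echo "$d"
}

sample=$(make_sample_pamd)
pam_missing_postlogin "$sample"    # run with no argument to scan /etc/pam.d
rm -rf "$sample"
```

A service listed by this check never reaches the postlogin stack directly, so a `pam_umask.so` line placed there by authselect does not apply to sessions opened through it.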