Am Montag, 10. Januar 2022, 10:21:04 CET schrieb Martin:
> Am Sonntag, 9. Januar 2022, 22:49:54 CET schrieb Martin:
> I digged a little bit deeper and the entry in the system-auth file is a
> solution, but not the fedora way of configuring - al least not completely.
> My system is a very old one (about eight years) and upgraded over several
> fedora versions. The pam system was originally configured by a tool called
> authconfig (which changes system-auth and some other pam files). This tool
> is no longer available in fedora 35 and seems to be replaced by another
> tool called authselect.
> If you don't plan to use authselect changing the system-auth file is fine.
> If you plan to use it, this system-auth pam file will be overwritten. The
> umask part will work nevertheless, as authselect uses the pam file
> postlogin for the pam_umask.so part (you have to configure UMASK in
> /etc/login.defs for using the default pam_umask module).
> try "authselect test sssd" and check the output to see which files will be
> changed/replaced with which content. I am currently investigation these
> changes and will test if this fits my needs. If yes, i have a clean system
> and can update my pam system without any hassle.
Another reply to myself :-)
I went the standard authselect path and umask was still set to 022 :-(. So I tried several changes in the pam files. Adding pam_umaks to system-auth works, but all changes in postlogin did not.
so I checked which pam.d files includes system-auth an does not include postlogin and bingo - systemd-user is the important pam.d file. adding "session include postlogin" right after the line "session include system-auth" did the trick.
Now my systems are running as I want and use standard authselect sssd profiles. To my point of view this is a "bug" in the systemd-user pam.d file, this should include the postlogin stuff as well.
> > Regards
> > Martin
> > > Please file a bug upstream at bugs.kde.org. Upstream KDE developers
> > > look there for these things and will be able to do something about the
> > > problem.
> > >
> > >
> > >
> > >
> > > --
> > > 真実はいつも一つ！/ Always, there's only one truth!
> > > _______________________________________________
> > > kde mailing list -- firstname.lastname@example.org
> > > To unsubscribe send an email to email@example.com
> > > Fedora Code of Conduct:
> > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> > > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> > > Archives:
> > > https://firstname.lastname@example.org
> > > g
> > > Do not reply to spam on the list, report it:
> > > https://pagure.io/fedora-infrastructure