Am Montag, 10. Januar 2022, 10:21:04 CET schrieb Martin:
> Am Sonntag, 9. Januar 2022, 22:49:54 CET schrieb Martin:
> I digged a little bit deeper and the entry in the system-auth file is a
> solution, but not the fedora way of configuring - al least not completely.
> My system is a very old one (about eight years) and upgraded over several
> fedora versions. The pam system was originally configured by a tool called
> authconfig (which changes system-auth and some other pam files). This tool
> is no longer available in fedora 35 and seems to be replaced by another
> tool called authselect.
> If you don't plan to use authselect changing the system-auth file is fine.
> If you plan to use it, this system-auth pam file will be overwritten. The
> umask part will work nevertheless, as authselect uses the pam file
> postlogin for the pam_umask.so part (you have to configure UMASK in
> /etc/login.defs for using the default pam_umask module).
> try "authselect test sssd" and check the output to see which files will
> changed/replaced with which content. I am currently investigation these
> changes and will test if this fits my needs. If yes, i have a clean system
> and can update my pam system without any hassle.
Another reply to myself :-)
I went the standard authselect path and umask was still set to 022 :-(. So I tried
several changes in the pam files. Adding pam_umaks to system-auth works, but all changes
in postlogin did not.
so I checked which pam.d files includes system-auth an does not include postlogin and
bingo - systemd-user is the important pam.d file. adding "session include
postlogin" right after the line "session include system-auth" did the
Now my systems are running as I want and use standard authselect sssd profiles. To my
point of view this is a "bug" in the systemd-user pam.d file, this should
include the postlogin stuff as well.
> > Regards
> > Martin
> > > Please file a bug upstream at bugs.kde.org
. Upstream KDE developers
> > > look there for these things and will be able to do something about the
> > > problem.
> > >
> > >
> > >
> > >
> > > --
> > > 真実はいつも一つ！/ Always, there's only one truth!
Will you file a bug report? When investigating this issue I found that it wasn't only
Fedora with this problem.
I'd file the bug but I don't know enough about pam, especially as described above