Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding optional profile for homed support #310

Closed
alexpattyn opened this issue Jun 3, 2022 · 6 comments
Closed

Adding optional profile for homed support #310

alexpattyn opened this issue Jun 3, 2022 · 6 comments

Comments

@alexpattyn
Copy link
Contributor

alexpattyn commented Jun 3, 2022
edited

Based on the discussion here, in order to have fedora support homed without manual changes to /etc/authselect/system-auth or /etc/authselect/password-auth (which gets overridden on updates) there should be additional optional PAM configs that allow login when systemd-homed is enabled.

Currently I found that modifying the aforementioned configs allows for login to homed users via su $USER and from the gnome login screen. Therefore should I make a new profile that changes those file to enable homed support?
@alexpattyn
Copy link
Contributor Author

Looking around at how things are structured and what Iker said in the linked discussion it seems adding some optional authselect select sssd with-homed is the way forward?

@alexpattyn
Copy link
Contributor Author

Seems like it should be enough to just edit /etc/authselect/system-auth and /etc/authselect/password-auth. Example config below:

# Generated by authselect on Fri Jun  3 13:04:59 2022
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.

-auth       sufficient                                   pam_systemd_home.so {include if "with-homed"}
...

-account    sufficient                                    pam_systemd_home.so {include if "with-homed"}
...

-password    sufficient                                  pam_systemd_home.so {include if "with-homed"}
...

-session    optional                                    pam_systemd_home.so {include if "with-homed"}
...

@alexpattyn alexpattyn mentioned this issue Jun 3, 2022
Closed
@freddyw
Copy link

freddyw commented Jun 7, 2022

I would very much love to see this become a reality. I currently use a 'custom' authselect profile (based on 'minimal') for this reason but a simple option to enable it in the default profile would be better in many ways i reckon.

@richiedaze
Copy link

richiedaze commented Jul 8, 2022
edited

I've been using mines since Silverblue 32. I haven't updated it since. Feel free to help us all.

I ended up creating a custom profile because I never finished adding and testing the edits to the other profiles.

@godvino
Copy link

godvino commented Jan 14, 2023

I guess this issue can be closed now as #311 has been merged.

@pbrezina
Copy link
Member

Yes, thank you.

@alexpattyn alexpattyn mentioned this issue May 6, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@richiedaze @freddyw @pbrezina @alexpattyn @godvino