#3933 HBAC: Always allow the systemd-user service
Opened 10 months ago by jhrozek. Modified 5 months ago

As the user-scoped systemd sessions run pam_acct_mgmt('systemd-user') we should just allow this service. See e.g. discussion in ticket #3932.


btw we should have a way for distributions to opt-out of this, maybe if systemd is selected as the init systemd, this feature could be enabled by default?

May be. On a similar note, perhaps, enabling system-auth PAM service by default in ipa_server_mode = True would be good too?

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1680580

9 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1

9 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

9 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

5 months ago

Login to comment on this ticket.

Metadata