commit: ec147f9430e1946f6db94ab46048e4ac50d2d24c Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Sat Apr 5 21:29:43 2025 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Sun May 25 17:04:21 2025 +0000 URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ec147f94
Rework pam_krb5 auth If pam_krb5 succeeds, set the action to ok and use a dummy pam_permit to skip over the other auth modules. This should fix breakage triggered by removing pam_shells by default. Bug: https://bugs.gentoo.org/939892 Bug: https://bugs.gentoo.org/956600 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> templates/system-auth.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index d5f1895..905d04f 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -4,7 +4,8 @@ auth sufficient pam_ssh.so {% endif %} {% if krb5 %} -auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ debug }} ignore_root try_first_pass +auth [success=ok default=1] pam_krb5.so {{ debug }} ignore_root try_first_pass +auth [default={{ 3 + homed + (sssd * 3) }}] pam_permit.so {% endif %} {% if sssd %}
