Michal Koutný <mkou...@suse.com> writes:

> On Tue, Jul 22, 2025 at 06:21:28PM +0200, Dominick Grift
> <dominick.gr...@defensec.nl> wrote:
>> To be clear:
>>
>> 1. currently sd-pam does not always run as root
>
> Ah, good.
>
>> 2. when sd-pam does not run as root then it lacks permission needed to
>> do its job for some pam modules
>
> Such modules are frowned upon
> https://github.com/systemd/systemd/issues/8598#issuecomment-1883471227

That is the answer I was looking for. I think it is unreasonable for
systemd to unilaterally decide to break these modules. This could
introduce security issues. Not to mention that systemd seemingly decides
it's exceptional compared to other login programs.

>
> Michal
>

--
gpg --locate-keys dominick.gr...@defensec.nl (wkd)
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift
Mastodon: @kcini...@defensec.nl