969ec301d5
In Red Hat based distributions, there is no pam-configs like mechanism (authselect seems too heavy and is not configured by default), so instead, we replace the PAM file. Enable su for users in the qubes group, same as in the Debian package.
22 lines
790 B
Plaintext
22 lines
790 B
Plaintext
#%PAM-1.0
|
|
auth sufficient pam_rootok.so
|
|
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
|
#auth sufficient pam_wheel.so trust use_uid
|
|
# Uncomment the following line to require a user to be in the "wheel" group.
|
|
#auth required pam_wheel.so use_uid
|
|
|
|
# {{ Qubes specific modifications begin here
|
|
# Prevent su from asking for password
|
|
# (by package qubes-core-agent-passwordless-root).
|
|
auth sufficient pam_succeed_if.so use_uid user ingroup qubes
|
|
# }} Qubes specific modifications end here
|
|
|
|
auth substack system-auth
|
|
auth include postlogin
|
|
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
|
|
account include system-auth
|
|
password include system-auth
|
|
session include system-auth
|
|
session include postlogin
|
|
session optional pam_xauth.so
|