From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Message-ID: <1644857511.dacde6da43a9c87f896b842946b514cd49db5dd3.sam@gentoo>
Subject: [gentoo-commits] proj/pambase:master commit in: templates/
X-VCS-Repository: proj/pambase
X-VCS-Files: templates/system-auth.tpl
X-VCS-Directories: templates/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: dacde6da43a9c87f896b842946b514cd49db5dd3
X-VCS-Branch: master
Date: Mon, 14 Feb 2022 16:52:33 +0000 (UTC)

commit:     dacde6da43a9c87f896b842946b514cd49db5dd3
Author:     Alexandra Parker <alex.iris.parker <AT> gmail <DOT> com>
AuthorDate: Sat Feb 12 21:30:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 14 16:51:51 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=dacde6da

homed: add before pam_unix

- --homed inserts pam_systemd_home before pam_unix
- --homed --krb5 does that and adjusts krb5's jump to 4 modules

Signed-off-by: Alexandra Parker <alex.iris.parker <AT> gmail.com>
Closes: https://bugs.gentoo.org/808993
Closes: https://github.com/gentoo/pambase/pull/9
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index 62344ff..9739b6f 100644 
--- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -4,16 +4,14 @@ auth sufficient pam_ssh.so {% endif %} {% if krb5 %} -auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }} +auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} auth requisite pam_faillock.so preauth {% if homed %} -auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass -auth [success=1 default=ignore] pam_systemd_home.so -{% else %} -auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass +auth [success=2 default=ignore] pam_systemd_home.so {% endif %} +auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass auth [default=die] pam_faillock.so authfail {% if caps %}
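
Review bot: the three jump counts in this hunk (`success={{ 4 if homed else 3 }}` on pam_krb5.so, `success=2` on pam_systemd_home.so, `success=1` on pam_unix.so) are positional offsets, and nothing in the template says which rule each one is meant to land on. As the lines stand they all resolve to the rule after `auth [default=die] pam_faillock.so authfail`, but the krb5 expression now has to be kept in step by hand with the `{% if homed %}` block three lines below it; adding or removing a single auth line between them would leave a successful module landing on the `default=die` rule, or skipping past the intended target, and the template would still render without error. A Jinja comment (`{# ... #}`) beside each jump naming its target, for example "skips to the rule after pam_faillock authfail", would make a future miscount visible in review. Separately, and unchanged by this patch, the pam_krb5.so line sits above `auth requisite pam_faillock.so preauth`, so a successful Kerberos authentication jumps over the lockout check; it is worth confirming in the commit message or a template comment that this is intended.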