login: drop fedora-specific PAM config, add note to DISTRO_PORTING (#4314)

It is impossible to ship a fully generic PAM configuration upstream.
Therefore, ship a minimal configuration with the systemd --user requirements,
and add a note to DISTRO_PORTING documenting this.

Fixes #4284

diff --git a/DISTRO_PORTING b/DISTRO_PORTING
index a397d70..9f61bd6 100644 (file)
--- a/DISTRO_PORTING
+++ b/DISTRO_PORTING
@@ -41,6 +41,13 @@ NTP POOL:
         NTP servers, then you will get served wrong time, and will
         rely on services that might not be supported for long.
 
+PAM:
+        The default PAM config shipped by systemd is really bare bones.
+        It does not include many modules your distro might want to enable
+        to provide a more seamless experience. For example, limits set in
+        /etc/security/limits.conf will not be read unless you load pam_limits.
+        Make sure you add modules your distro expects from user services.
+
 CONTRIBUTING UPSTREAM:
 
         We generally do no longer accept distribution-specific

diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index f188a8e..fe38b24 100644 (file)
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -2,11 +2,9 @@
 #
 # Used by systemd --user instances.
 
-account  include system-auth
-
 m4_ifdef(`HAVE_SELINUX',
 session  required pam_selinux.so close
 session  required pam_selinux.so nottys open
 )m4_dnl
 session  required pam_loginuid.so
-session  include system-auth
+session optional pam_systemd.so