PAM session setup and environment variables
Michal Sekletar
msekleta at redhat.com
Tue Dec 17 00:51:31 AEDT 2024
Hello everyone,
I am trying to adjust the systemd-logind classification of the SSH
session opened by Ansible client. By default the SSH session created
by Ansible client is Class=user and Type=tty in systemd-logind.
pam_systemd.so allows users to change this default via the environment
variables XDG_SESSION_CLASS and XDG_SESSION_TYPE. When I set these
variables on the client and make sure they are accepted by the server
I observe in the log that variables are set but that happens *after*
PAM session is created in the child process. Hence I have two obvious
questions...
Is my analysis correct and thus it is not possible to influence PAM
session set up via environment variables set by the client? If so,
would you be open to accepting the patch to change that, i.e. all
environment variables set by the client would be exposed in the child
process that opens the PAM session?
Cheers,
Michal
PS: I want to be able to distinguish between "normal" ssh sessions and
Ansible sessions as I think that Ansible sessions have slightly
different semantics, e.g. no idle timeouts should apply to them even
if they allocate PTY, similar to cron sessions.
More information about the openssh-unix-dev
mailing list