[Bug 292964] lib/libpam/pam.d/sshd: apply pam system defaults to sshd too

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 292964] lib/libpam/pam.d/sshd: apply pam system defaults to sshd too"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 24 Mar 2026 12:21:16 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292964

Benjamin Takacs <nimaje+fbz@bureaucracy.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #267815|0                           |1
        is obsolete|                            |

--- Comment #3 from Benjamin Takacs <nimaje+fbz@bureaucracy.de> ---
Created attachment 269073
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=269073&action=edit
make pam system defaults real defaults

Then the IAM part should be split up into its own config, so that system works
as system wide defaults as the comment says. Currently sshd is at least missing
pam_xdg from the shipped system defaults and not sure if it should have
pam_lastlog, but that seems like something that should be a default for
everything too.

This would also help with duplication in xdm, which also don't include system
where an administrator would expect all configs which should apply as login
defaults to belong. that duplication can already be seen, by xdm configuring
pam_xdg.

Not sure about the other configs in /etc/pam.d as they aren't about a user
logging into their system.

No idea what should be system defaults and what is just duplication between
login and su, so I stayed on the safe side here.

-- 
You are receiving this mail because:
You are the assignee for the bug.