Open xxc3nsoredxx opened 3 years ago
The issue was that physlock
didn't set the PAM_TTY
item. Without this, pam_securetty.so
cannot determine if the authenticating TTY is "secure" and returns a failure. Setting the item to the VT that physlock
is running on fixes that and makes the pam_succeed_if.so
workaround no longer necessary.
I'm using
pam_securetty.so
to restrict the TTYs that root is able to authenticate on, and this breaksphyslock
to where I'm forced to reboot to be able to access my machine ifphyslock
gets started by root.Here's the relevant contents of
/var/log/auth.log
:I believe I know what's causing this though, and will post an update once I've investigated it further.
In the meantime, I'm using
pam_succeed_if.so
to temporarily work around this issue./etc/pam.d/system-auth
: