summary refs log tree commit diff
diff options
context:
space:
mode:
author宋文武 <iyzsong@gmail.com>2015-12-02 21:28:35 +0800
committer宋文武 <iyzsong@gmail.com>2015-12-05 10:51:49 +0800
commitaf9908ff56fc9263c5f343c23002ac11300e195e (patch)
tree9752eb32065f1b69fb5833d6ea2f81c118b6f0a0
parente10964efd26fdbc3f8b2b5c3a0d359916df1b914 (diff)
downloadguix-af9908ff56fc9263c5f343c23002ac11300e195e.tar.gz
system: pam: Honor /etc/environment.
* gnu/system/pam.scm (unix-pam-service): Add pam_env module to the session group.
-rw-r--r--gnu/system/pam.scm9
1 files changed, 6 insertions, 3 deletions
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index d8470f02a3..99d94a1a81 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -128,7 +128,10 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
 (define unix-pam-service
   (let ((unix (pam-entry
                (control "required")
-               (module "pam_unix.so"))))
+               (module "pam_unix.so")))
+        (env  (pam-entry ; to honor /etc/environment.
+               (control "required")
+               (module "pam_env.so"))))
     (lambda* (name #:key allow-empty-passwords? motd)
       "Return a standard Unix-style PAM service for NAME.  When
 ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords.  When MOTD is true, it
@@ -150,13 +153,13 @@ should be a file-like object used as the message-of-the-day."
                           ;; Store SHA-512 encrypted passwords in /etc/shadow.
                           (arguments '("sha512" "shadow")))))
          (session (if motd
-                      (list unix
+                      (list env unix
                             (pam-entry
                              (control "optional")
                              (module "pam_motd.so")
                              (arguments
                               (list #~(string-append "motd=" #$motd)))))
-                      (list unix))))))))
+                      (list env unix))))))))
 
 (define (rootok-pam-service command)
   "Return a PAM service for COMMAND such that 'root' does not need to