From 820151f3813f08c704cb87a99988fe39f9f48a8d Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Thu, 4 Jul 2019 10:22:25 +0200

Subject: [PATCH] MAN: Document that PAM stack contains the systemd-user

 service in the account phase in RHEL-8

Resolves:

https://pagure.io/SSSD/sssd/issue/3932

Reviewed-by: Tomas Halman <thalman@redhat.com>

---

 src/man/sssd-ldap.5.xml | 8 ++++++++

 1 file changed, 8 insertions(+)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml

index c205aea64..aca0f9e72 100644

--- a/src/man/sssd-ldap.5.xml

+++ b/src/man/sssd-ldap.5.xml

@@ -834,6 +834,14 @@

                             ldap_user_authorized_service option

                             to work.

                         </para>

+                        <para>

+                            Some distributions (such as Fedora-29+ or RHEL-8)

+                            always include the <quote>systemd-user</quote> PAM

+                            service as part of the login process. Therefore when

+                            using service-based access control, the

+                            <quote>systemd-user</quote> service might need to be

+                            added to the list of allowed services.

+                        </para>

                         <para>

                             Default: authorizedService

                         </para>

-- 

2.20.1