pam_systemd
Register user sessions with systemd
SYNOPSIS
pam_systemd.so [options]
PARAMETERS
enable_pam_config
Enable PAM config parsing to read in systemd settings defined in PAM config files.debug
Enable debug logging for the module.user_idle_threshold=
time
Sets a threshold after which the user is considered idle
DESCRIPTION
pam_systemd is a PAM module responsible for registering user sessions with systemd. When a user logs in, it registers the session with the systemd session manager, allowing systemd to track the session's processes and resources. This is crucial for proper session lifecycle management, resource accounting, and user service management. The module sets up a systemd scope unit for the session, which encapsulates all processes belonging to the session. This enables resource limits, process accounting, and other management features to be applied to the session as a whole. This integration allows systemd to automatically manage user services and terminate them when the user logs out. Without pam_systemd, user sessions might not be properly tracked, leading to orphaned processes and resource leaks. It relies on environment variables set by the login process or passed through PAM environment variables to define session parameters.
CAVEATS
Ensure pam_systemd is properly configured in your PAM stack for login services, otherwise systemd will not be aware of the session.
Incorrect or missing PAM configuration can lead to issues with session tracking and user service management.
PLACEMENT IN PAM CONFIGURATION
pam_systemd should typically be placed in the 'session' section of the PAM configuration file. It is important to ensure that it is called both on session open and session close to properly register and unregister the session with systemd. A typical configuration would include 'session required pam_systemd.so'.
IMPACT ON USER SERVICES
pam_systemd's integration with systemd directly affects user services. When a user logs out, systemd automatically terminates user services that are associated with that session. This ensures that resources are cleaned up and prevents orphaned processes from persisting after logout.
HISTORY
pam_systemd was introduced as part of the systemd project to provide seamless integration between PAM and the systemd session manager. It replaced older session management mechanisms and provided a more robust and unified approach. Its development was driven by the need for better session tracking, resource accounting, and user service management in modern Linux systems. The module has evolved alongside systemd, incorporating new features and improvements as systemd's capabilities have expanded.