pam_systemd

pam_systemd.so [options]

enable_pam_config
    Enable PAM config parsing to read in systemd settings defined in PAM config files.

debug
    Enable debug logging for the module.

user_idle_threshold=time
    Sets a threshold after which the user is considered idle

pam_systemd is a PAM module responsible for registering user sessions with systemd. When a user logs in, it registers the session with the systemd session manager, allowing systemd to track the session's processes and resources. This is crucial for proper session lifecycle management, resource accounting, and user service management. The module sets up a systemd scope unit for the session, which encapsulates all processes belonging to the session. This enables resource limits, process accounting, and other management features to be applied to the session as a whole. This integration allows systemd to automatically manage user services and terminate them when the user logs out. Without pam_systemd, user sessions might not be properly tracked, leading to orphaned processes and resource leaks. It relies on environment variables set by the login process or passed through PAM environment variables to define session parameters.

Ensure pam_systemd is properly configured in your PAM stack for login services, otherwise systemd will not be aware of the session.
Incorrect or missing PAM configuration can lead to issues with session tracking and user service management.

pam_systemd should typically be placed in the 'session' section of the PAM configuration file. It is important to ensure that it is called both on session open and session close to properly register and unregister the session with systemd. A typical configuration would include 'session required pam_systemd.so'.

pam_systemd's integration with systemd directly affects user services. When a user logs out, systemd automatically terminates user services that are associated with that session. This ensures that resources are cleaned up and prevents orphaned processes from persisting after logout.

pam_systemd was introduced as part of the systemd project to provide seamless integration between PAM and the systemd session manager. It replaced older session management mechanisms and provided a more robust and unified approach. Its development was driven by the need for better session tracking, resource accounting, and user service management in modern Linux systems. The module has evolved alongside systemd, incorporating new features and improvements as systemd's capabilities have expanded.

systemd(1), loginctl(1), pam(8), pam.conf(5)