diff options
Diffstat (limited to 'nixos/doc')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1903.xml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 69e94fbccc5c..7bc887693376 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -318,6 +318,22 @@ case. </para> </listitem> + <listitem> + <para> + The <literal>pam_unix</literal> account module is now loaded with its + control field set to <literal>required</literal> instead of + <literal>sufficient</literal>, so that later pam account modules that + might do more extensive checks are being executed. + Previously, the whole account module verification was exited prematurely + in case a nss module provided the account name to + <literal>pam_unix</literal>. + The LDAP and SSSD NixOS modules already add their NSS modules when + enabled. In case your setup breaks due to some later pam account module + previosuly shadowed, or failing NSS lookups, please file a bug. You can + get back the old behaviour by manually setting + <literal><![CDATA[security.pam.services.<name?>.text]]></literal>. + </para> + </listitem> </itemizedlist> </section> |