pam_fscrypt: make "lock_policies" the default behavior

All pam_fscrypt configuration guides that I'm aware of say to use the "lock_policies" option for the pam_fscrypt.so session hook. The Debian/Ubuntu pam-config-framework config file has it too. Make locking the default behavior, since this is what everyone wants. Existing configuration files that contain the "lock_policies" option will continue to work, but that option won't do anything anymore. (We could add an option "unlock_only" to restore the old default behavior, but it's not clear that it would be useful. So for simplicity, leave it out for now.)
author: Eric Biggers <ebiggers@google.com> 2021-03-08 15:20:08 -0800
committer: Eric Biggers <ebiggers@google.com> 2021-03-08 15:20:08 -0800
commit: b7e898f01bcae17174fcd928599d0d933655db9b (patch)
tree: a53f09298957ead959a360cb1af0ba9460e8ce9e /pam_fscrypt/config
parent: 28e4999ebd9221a71488d715d9f1182b494216d8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pam_fscrypt/config b/pam_fscrypt/config
index d2fbf68..f83dab2 100644
--- a/pam_fscrypt/config
+++ b/pam_fscrypt/config
@@ -7,7 +7,7 @@ Auth-Final:
 Session-Type: Additional
 Session-Interactive-Only: yes
 Session-Final:
-	optional	PAM_INSTALL_PATH lock_policies
+	optional	PAM_INSTALL_PATH
 Password-Type: Additional
 Password-Final:
 	optional	PAM_INSTALL_PATH
author	Eric Biggers <ebiggers@google.com>	2021-03-08 15:20:08 -0800
committer	Eric Biggers <ebiggers@google.com>	2021-03-08 15:20:08 -0800
commit	b7e898f01bcae17174fcd928599d0d933655db9b (patch)
tree	a53f09298957ead959a360cb1af0ba9460e8ce9e /pam_fscrypt/config
parent	28e4999ebd9221a71488d715d9f1182b494216d8 (diff)