bus-unit-util: add PrivateTmpEx to bus_append_execute_property()

[thirdparty/systemd.git] / man / pam_systemd.xml

diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml
index c9a3ccbb5f29fecd65a9e37cfb1a827a493c75cb..d6fc6bb8b8d4ece127ae1789c8263e97739b54bf 100644 (file)
--- a/man/pam_systemd.xml
+++ b/man/pam_systemd.xml
@@ -90,11 +90,62 @@
       <varlistentry>
         <term><varname>class=</varname></term>
 
-        <listitem><para>Takes a string argument which sets the session class. The <varname>XDG_SESSION_CLASS</varname>
-        environment variable (see below) takes precedence. One of <literal>user</literal>, <literal>greeter</literal>,
-        <literal>lock-screen</literal> or <literal>background</literal>. See
-        <citerefentry><refentrytitle>sd_session_get_class</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
-        details about the session class.</para>
+        <listitem><para>Takes a string argument which sets the session class. The
+        <varname>XDG_SESSION_CLASS</varname> environment variable (see below) takes precedence. See
+        <citerefentry><refentrytitle>sd_session_get_class</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+        for a way to query the class of a session. The following session classes are defined:</para>
+
+        <table>
+          <title>Session Classes</title>
+          <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+            <colspec colname="name" />
+            <colspec colname="explanation" />
+            <thead>
+              <row>
+                <entry>Name</entry>
+                <entry>Explanation</entry>
+              </row>
+            </thead>
+            <tbody>
+              <row>
+                <entry><constant>user</constant></entry>
+                <entry>A regular interactive user session. This is the default class for sessions for which a TTY or X display is known at session registration time.</entry>
+              </row>
+              <row>
+                <entry><constant>user-early</constant></entry>
+                <entry>Similar to <literal>user</literal> but sessions of this class are not ordered after <filename>systemd-user-sessions.service</filename>, i.e. may be started before regular sessions are allowed to be established. This session class is the default for sessions of the root user that would otherwise qualify for the <constant>user</constant> class, see above. (Added in v256.)</entry>
+              </row>
+              <row>
+                <entry><constant>user-incomplete</constant></entry>
+                <entry>Similar to <literal>user</literal> but for sessions which are not fully set up yet, i.e. have no home directory mounted or similar. This is used by <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> to allow users to log in via <command>ssh</command> before their home directory is mounted, delaying the mount until the user provided the unlock password. Sessions of this class are upgraded to the regular <constant>user</constant> class once the home directory is activated.</entry>
+              </row>
+              <row>
+                <entry><constant>greeter</constant></entry>
+                <entry>Similar to <literal>user</literal> but for sessions that are spawned by a display manager ephemerally and which prompt the user for login credentials.</entry>
+              </row>
+              <row>
+                <entry><constant>lock-screen</constant></entry>
+                <entry>Similar to <literal>user</literal> but for sessions that are spawned by a display manager ephemerally and which show a lock screen that can be used to unlock locked user accounts or sessions.</entry>
+              </row>
+              <row>
+                <entry><constant>background</constant></entry>
+                <entry>Used for background sessions, such as those invoked by <command>cron</command> and similar tools. This is the default class for sessions for which no TTY or X display is known at session registration time.</entry>
+              </row>
+              <row>
+                <entry><constant>background-light</constant></entry>
+                <entry>Similar to <constant>background</constant>, but sessions of this class will not pull in the <filename>user@.service</filename> of the user, and thus possibly have no services of the user running. (Added in v256.)</entry>
+              </row>
+              <row>
+                <entry><constant>manager</constant></entry>
+                <entry>The <filename>user@.service</filename> service of the user is registered under this session class. (Added in v256.)</entry>
+              </row>
+              <row>
+                <entry><constant>manager-early</constant></entry>
+                <entry>Similar to <constant>manager</constant>, but for the root user. Compare with the <constant>user</constant> vs. <constant>user-early</constant> situation. (Added in v256.)</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </table>
 
         <xi:include href="version-info.xml" xpointer="v197"/></listitem>
       </varlistentry>
@@ -364,8 +415,7 @@ account   sufficient pam_unix.so
 account   required   pam_permit.so
 
 -password sufficient pam_systemd_home.so
-password  sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
-
+password  sufficient pam_unix.so sha512 shadow try_first_pass
 password  required   pam_deny.so
 
 -session  optional   pam_keyinit.so revoke