From: Vunny Sodhi <vunny.sodhi@unikie.com>
Date: Wed, 21 Jan 2026 10:27:55 +0000 (+0200)
Subject: pam_systemd_home: Use PAM_TEXT_INFO for token prompts
X-Git-Tag: v257.11~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=380978342a28696cf0396654b509c14516fcce4d;p=thirdparty%2Fsystemd.git

pam_systemd_home: Use PAM_TEXT_INFO for token prompts

The prompts asking the user to physically authenticate
or confirm presence on a security token are informational
requests for action, not error conditions.

This commit changes the message type to PAM_TEXT_INFO,
which is more appropriate for guiding the user through
the authentication process.

(cherry picked from commit db4b6b70434295aa7799ac74b80a6d708d1f0ba4)
(cherry picked from commit 42e5003bbce299518f496694c398dd6e681218f3)
(cherry picked from commit d5f9526427b3a10a5c5038e94d1fbd497513c534)
---

diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index a730697d02c..d3c492bbbc7 100644
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -394,7 +394,7 @@ static int handle_generic_user_record_error(
 
                 assert(secret);
 
-                (void) pam_prompt_graceful(handle, PAM_ERROR_MSG, NULL, _("Please authenticate physically on security token of user %s."), user_name);
+                (void) pam_prompt_graceful(handle, PAM_TEXT_INFO, NULL, _("Please authenticate physically on security token of user %s."), user_name);
 
                 r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
                 if (r < 0)
@@ -405,7 +405,7 @@ static int handle_generic_user_record_error(
 
                 assert(secret);
 
-                (void) pam_prompt_graceful(handle, PAM_ERROR_MSG, NULL, _("Please confirm presence on security token of user %s."), user_name);
+                (void) pam_prompt_graceful(handle, PAM_TEXT_INFO, NULL, _("Please confirm presence on security token of user %s."), user_name);
 
                 r = user_record_set_fido2_user_presence_permitted(secret, true);
                 if (r < 0)
@@ -416,7 +416,7 @@ static int handle_generic_user_record_error(
 
                 assert(secret);
 
-                (void) pam_prompt_graceful(handle, PAM_ERROR_MSG, NULL, _("Please verify user on security token of user %s."), user_name);
+                (void) pam_prompt_graceful(handle, PAM_TEXT_INFO, NULL, _("Please verify user on security token of user %s."), user_name);
 
                 r = user_record_set_fido2_user_verification_permitted(secret, true);
                 if (r < 0)