Could a finit service run with a specific PAM config? #420

Open
liuming50 opened this issue Dec 9, 2024 · 1 comment

liuming50 commented Dec 9, 2024

Our company is considering involving PAM (https://en.wikipedia.org/wiki/Linux_PAM) in our system, and we are using finit as the init manager.

Would it be possible to run a service/task under a specific PAM config? For instance, systemd has PAMName support; if we set it in weston.service:

```
PAMName=weston-autologin
```

it will look for /etc/pam.d/weston-autologin:

```
auth      required  pam_nologin.so
auth      required  pam_unix.so     try_first_pass nullok

account   required  pam_nologin.so
account   required  pam_unix.so

session   required  pam_env.so
session   required  pam_unix.so
-session  optional  pam_systemd.so type=wayland class=user desktop=weston
-session  optional  pam_loginuid.so
```

and set the permission controls for the weston service.

Would finit like to support this or is there a plan for supporting it?

@troglobit
Owner

First, there is nothing planned wrt. this.

Second, even though I just skimmed through the systemd docs on the topic, how do you imagine this all working? In systemd they fork off a (sd-pam) service for each unit that has this directive, and it seems "the main unit process will be migrated to its own session scope unit" -- I don't understand what that means? It's confusing to read and just seems like a lot of added complexity. What is the benefit of having Finit support when the process can call pam_start(3) with the weston-autologin service?
