From e5fdf74ce6538ead7408489dfc75e955fec0709c Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Wed, 8 Sep 2021 17:12:34 -0400
Subject: [PATCH] disable deprecated pam user_readenv feature

---
 pam.d/system-login | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 pam.d/system-login

diff --git a/pam.d/system-login b/pam.d/system-login
new file mode 100644
index 0000000..94345e1
--- /dev/null
+++ b/pam.d/system-login
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+auth       required   pam_shells.so
+auth       requisite  pam_nologin.so
+auth       include    system-auth
+
+account    required   pam_access.so
+account    required   pam_nologin.so
+account    include    system-auth
+
+password   include    system-auth
+
+session    optional   pam_loginuid.so
+session    optional   pam_keyinit.so       force revoke
+session    include    system-auth
+session    optional   pam_motd.so          motd=/etc/motd
+session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
+-session   optional   pam_systemd.so
+session    required   pam_env.so