authselect/SOURCES/0901-rhel10-remove-systemd-...


From 054c83d1a40d5e0f98230d0f6ac34bd7ecdf383e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 15:49:09 +0100
Subject: [PATCH 1/3] rhel10: remove systemd-homed
systemd-homed is not present in rhel.
---
profiles/local/README | 3 ---
profiles/local/password-auth | 4 ----
profiles/local/system-auth | 4 ----
profiles/nis/README | 3 ---
profiles/nis/REQUIREMENTS | 3 ---
profiles/nis/password-auth | 4 ----
profiles/nis/system-auth | 4 ----
profiles/sssd/README | 3 ---
profiles/sssd/REQUIREMENTS | 3 ---
profiles/sssd/password-auth | 4 ----
profiles/sssd/system-auth | 4 ----
profiles/winbind/README | 3 ---
profiles/winbind/REQUIREMENTS | 3 ---
profiles/winbind/password-auth | 4 ----
profiles/winbind/system-auth | 4 ----
15 files changed, 53 deletions(-)
diff --git a/profiles/local/README b/profiles/local/README
index 03f602441fe95ee280b575508f20d1f1de949b25..eedb298090b5b7c068ee1dfec0ee36c8b3086af4 100644
--- a/profiles/local/README
+++ b/profiles/local/README
@@ -54,9 +54,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
-with-systemd-homed::
- If set, pam_systemd_homed is enabled for all pam operations.
-
with-libvirt::
Enable connecting to libvirt VMs using the hostname configured in the
guest OS or, as a fallback, their name.
diff --git a/profiles/local/password-auth b/profiles/local/password-auth
index 13e10d93b1d43ade8c45c32c50c613f6cf2abcca..d50d7e1fefaf257b8ddcdd1610004ffca9d93634 100644
--- a/profiles/local/password-auth
+++ b/profiles/local/password-auth
@@ -4,17 +4,14 @@ auth required pam_faillock.so preauth
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -24,7 +21,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/local/system-auth b/profiles/local/system-auth
index 7f3c56adb2329dd4a08b1cb08b63e8d0d9b13c86..290cd24eb9c50f196d6fc68a3688f097f49159fe 100644
--- a/profiles/local/system-auth
+++ b/profiles/local/system-auth
@@ -5,17 +5,14 @@ auth sufficient pam_fprintd.so
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -25,7 +22,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/README b/profiles/nis/README
index e3a1a0b986689bfd43d9531464bcd8fa7a0f5237..745138bbdb1e045db41990dcb8864477d3408e36 100644
--- a/profiles/nis/README
+++ b/profiles/nis/README
@@ -65,9 +65,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
-with-systemd-homed::
- If set, pam_systemd_homed is enabled for all pam operations.
-
without-nullok::
Do not add nullok parameter to pam_unix.
diff --git a/profiles/nis/REQUIREMENTS b/profiles/nis/REQUIREMENTS
index 3e32879eba37e1bd2692aa2852c87036bfa78ed5..d8fe0456ee2b351e98af374fc0206717e6994031 100644
--- a/profiles/nis/REQUIREMENTS
+++ b/profiles/nis/REQUIREMENTS
@@ -16,6 +16,3 @@ Make sure that NIS service is configured and enabled. See NIS documentation for
- systemctl enable --now oddjobd.service {include if "with-mkhomedir"}
{include if "with-libvirt"}
- with-libvirt is selected, make sure that the libvirt NSS plugins are installed {include if "with-libvirt"}
- {include if "with-systemd-homed"}
-- with-systemd-homed is selected, make sure that the system-homed service is enabled {include if "with-systemd-homed"}
- - systemctl enable --now systemd-homed.service {include if "with-systemd-homed"}
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
index 45af4792df9f661fe04e1060e32cc6c0aa38c7c4..927fbcbda8fa4e910e29c88a3806fb5265bbc7bc 100644
--- a/profiles/nis/password-auth
+++ b/profiles/nis/password-auth
@@ -4,17 +4,14 @@ auth required pam_faillock.so preauth
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so broken_shadow
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -24,7 +21,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
index 0bd022ee2286f37a5becb0daba2a5813693300a9..40a1bf74aaf3d721c4d720938e57766bfe651e47 100644
--- a/profiles/nis/system-auth
+++ b/profiles/nis/system-auth
@@ -5,17 +5,14 @@ auth sufficient pam_fprintd.so
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth required pam_faillock.so authfail {include if "with-faillock"}
auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so broken_shadow
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -25,7 +22,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/README b/profiles/sssd/README
index f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d..a497da5dcffd0a03a122677c49ee2f8021927b04 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -106,9 +106,6 @@ with-gssapi::
with-subid::
Enable SSSD as a source of subid database in /etc/nsswitch.conf.
-with-systemd-homed::
- If set, pam_systemd_homed is enabled for all pam operations.
-
without-nullok::
Do not add nullok parameter to pam_unix.
diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
index 6aaf7c771f7c1bcbf2aee7152422acc9d53c71f5..b36f6069a54a5f711a10aa0700f33e1a8e37794e 100644
--- a/profiles/sssd/REQUIREMENTS
+++ b/profiles/sssd/REQUIREMENTS
@@ -25,6 +25,3 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
- with-tlog is selected, make sure that session recording is enabled in SSSD {include if "with-tlog"}
{include if "with-libvirt"}
- with-libvirt is selected, make sure that the libvirt NSS plugins are installed {include if "with-libvirt"}
- {include if "with-systemd-homed"}
-- with-systemd-homed is selected, make sure that the system-homed service is enabled {include if "with-systemd-homed"}
- - systemctl enable --now systemd-homed.service {include if "with-systemd-homed"}
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
index 97c33b678706e7eeb86bf45251baa41739f2940f..f468507b938ea2a7ac305a65f5fdea14a1ae10f1 100644
--- a/profiles/sssd/password-auth
+++ b/profiles/sssd/password-auth
@@ -7,7 +7,6 @@ auth required pam_u2f.so cue {if not
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -16,14 +15,12 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so local_users_only
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -35,7 +32,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
index 90c3504a414f0a151475cc207285b230fec381b1..870e4d7024066e3e40786bde6c3c39c7ba8d62c0 100644
--- a/profiles/sssd/system-auth
+++ b/profiles/sssd/system-auth
@@ -12,7 +12,6 @@ auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
auth [success=done authinfo_unavail=ignore user_unknown=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular {include if "with-gssapi"}
auth sufficient pam_sss_gss.so {include if "with-gssapi"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
@@ -23,14 +22,12 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so local_users_only
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -42,7 +39,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/README b/profiles/winbind/README
index f65870d1d03da6465ad446dac87ed141d7115d8b..8844e1da2003a0266dfe8937774d6d6f7dad0210 100644
--- a/profiles/winbind/README
+++ b/profiles/winbind/README
@@ -75,9 +75,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
-with-systemd-homed::
- If set, pam_systemd_homed is enabled for all pam operations.
-
without-nullok::
Do not add nullok parameter to pam_unix.
diff --git a/profiles/winbind/REQUIREMENTS b/profiles/winbind/REQUIREMENTS
index 232f6ee986ac66c5fed972c91c17080e0740e5c7..31a37d74ca5a4c46415545b8f6e0f61e8ad3b433 100644
--- a/profiles/winbind/REQUIREMENTS
+++ b/profiles/winbind/REQUIREMENTS
@@ -16,6 +16,3 @@ Make sure that winbind service is configured and enabled. See winbind documentat
- systemctl enable --now oddjobd.service {include if "with-mkhomedir"}
{include if "with-libvirt"}
- with-libvirt is selected, make sure that the libvirt NSS plugins are installed {include if "with-libvirt"}
- {include if "with-systemd-homed"}
-- with-systemd-homed is selected, make sure that the system-homed service is enabled {include if "with-systemd-homed"}
- - systemctl enable --now systemd-homed.service {include if "with-systemd-homed"}
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
index 8d74149dd48643dbb4b80d62600d3ece0868ec30..8d1682b9301c2b9c92292a41120f69611f148108 100644
--- a/profiles/winbind/password-auth
+++ b/profiles/winbind/password-auth
@@ -4,7 +4,6 @@ auth required pam_faillock.so preauth
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -13,14 +12,12 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
account required pam_permit.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so local_users_only
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -31,7 +28,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
index 2326c859284c5823c5a6d34390d794dbf33110d2..612143d10fe502d7f6ed636b4fba6cc639aa66b0 100644
--- a/profiles/winbind/system-auth
+++ b/profiles/winbind/system-auth
@@ -5,7 +5,6 @@ auth sufficient pam_fprintd.so
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
auth sufficient pam_unix.so {if not "without-nullok":nullok}
-auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
auth required pam_faillock.so authfail {include if "with-faillock"}
@@ -14,14 +13,12 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
-account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
account required pam_permit.so
-password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
password requisite pam_pwquality.so local_users_only
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
@@ -32,7 +29,6 @@ password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
-session optional pam_systemd_home.so {include if "with-systemd-homed"}
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
--
2.42.0