1 files changed, 16 insertions, 12 deletions

diff --git a/src/login/pam_elogind.c b/src/login/pam_elogind.c
index 63cbbbc1d..bb6da2aac 100644
--- a/src/login/pam_elogind.c
+++ b/src/login/pam_elogind.c
@@ -381,28 +381,32 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         tty = strempty(tty);
 
         if (strchr(tty, ':')) {
-                /* A tty with a colon is usually an X11 display,
-                 * placed there to show up in utmp. We rearrange
-                 * things and don't pretend that an X display was a
-                 * tty. */
-
+                /* A tty with a colon is usually an X11 display, placed there to show up in utmp. We rearrange things
+                 * and don't pretend that an X display was a tty. */
                 if (isempty(display))
                         display = tty;
                 tty = NULL;
+
         } else if (streq(tty, "cron")) {
-                /* cron has been setting PAM_TTY to "cron" for a very
-                 * long time and it probably shouldn't stop doing that
-                 * for compatibility reasons. */
+                /* cron is setting PAM_TTY to "cron" for some reason (the commit carries no information why, but
+                 * probably because it wants to set it to something as pam_time/pam_access/… require PAM_TTY to be set
+                 * (as they otherwise even try to update it!) — but cron doesn't actually allocate a TTY for its forked
+                 * off processes.) */
                 type = "unspecified";
                 class = "background";
                 tty = NULL;
+
         } else if (streq(tty, "ssh")) {
-                /* ssh has been setting PAM_TTY to "ssh" for a very
-                 * long time and probably shouldn't stop doing that
-                 * for compatibility reasons. */
+                /* ssh has been setting PAM_TTY to "ssh" (for the same reason as cron does this, see above. For further
+                 * details look for "PAM_TTY_KLUDGE" in the openssh sources). */
                 type ="tty";
                 class = "user";
-                tty = NULL;
+                tty = NULL; /* This one is particularly sad, as this means that ssh sessions — even though usually
+                             * associated with a pty — won't be tracked by their tty in logind. This is because ssh
+                             * does the PAM session registration early for new connections, and registers a pty only
+                             * much later (this is because it doesn't know yet if it needs one at all, as whether to
+                             * register a pty or not is negotiated much later in the protocol). */
+
         } else
                 /* Chop off leading /dev prefix that some clients specify, but others do not. */
                 tty = skip_dev_prefix(tty);