From 7ce4af79bae1f1a022b3d03e99fbb3bda0a995a3 Mon Sep 17 00:00:00 2001
From: Jinna Kiisuo <jinnak@nocturnal.fi>
Date: Sat, 8 Mar 2025 04:51:06 +0200
Subject: [PATCH] Backport b6f63f3 to fix unixd default config (#3489)

The change to require the [kanidm] header was already true for 1.4 and it's now breaking new installs via the PPA.
---
 examples/unixd-safe-default | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/examples/unixd-safe-default b/examples/unixd-safe-default
index b231f4cd1..14d9daac3 100644
--- a/examples/unixd-safe-default
+++ b/examples/unixd-safe-default
@@ -1,17 +1,19 @@
-## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
 # For a full example and documentation, see /usr/share/kanidm-unixd/unixd
-# or `example/unixd` in the source repository.
+# or `example/unixd` in the source repository
 
 version = '2'
 
+[kanidm]
 # default_shell = "/bin/sh"
-
 # home_attr = "uuid"
 # home_alias = "spn"
 # use_etc_skel = false
 
-
 # Defines a set of POSIX groups where membership of any of these groups
-# will be allowed to login via PAM.
-# Replace your group below and uncomment this line:
-#pam_allowed_login_groups = ["your_posix_login_group"]
+# will be allowed to login via PAM
+#
+# WITHOUT THIS SET, NOBODY WILL BE ABLE TO LOG IN VIA PAM
+#
+# Replace your group below and uncomment this line
+# pam_allowed_login_groups = ["your_posix_login_group"]