diff options
author | Marc-Antoine Perennou <Marc-Antoine@Perennou.com> | 2012-09-22 22:49:01 +0200 |
---|---|---|
committer | Marc-Antoine Perennou <Marc-Antoine@Perennou.com> | 2012-09-22 22:49:01 +0200 |
commit | b663f7cf8f57a83ea5f371d0f3e2f4df24b26869 (patch) | |
tree | 83f90435494b87609fa06e33ad3f696e87db760a | |
parent | 9d34a04de6dea2b5e03252a767c94775e9070c98 (diff) | |
download | gdm-b663f7cf8f57a83ea5f371d0f3e2f4df24b26869.tar.gz |
pam: update exherbo configuration
This is a backport from exherbo changes by Saleem Abdulrasool <compnerd@compnerd.org>
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
-rw-r--r-- | data/pam-exherbo/gdm-fingerprint.pam | 19 | ||||
-rw-r--r-- | data/pam-exherbo/gdm-launch-environment.pam | 15 | ||||
-rw-r--r-- | data/pam-exherbo/gdm-password.pam | 20 |
3 files changed, 22 insertions, 32 deletions
diff --git a/data/pam-exherbo/gdm-fingerprint.pam b/data/pam-exherbo/gdm-fingerprint.pam index 15f24fae..41639ece 100644 --- a/data/pam-exherbo/gdm-fingerprint.pam +++ b/data/pam-exherbo/gdm-fingerprint.pam @@ -1,17 +1,10 @@ -# mirrors system-auth / system(-local)-login -# except for the authentication method, which is: -# fingerprint login +account include system-login -auth required pam_env.so -auth required pam_tally.so file=/var/log/faillog onerr=succeed -auth required pam_shells.so -auth required pam_nologin.so -auth required pam_fprintd.so --auth optional pam_gnome_keyring.so +auth substack fingerprint-auth +auth optional pam_gnome_keyring.so -account include system-local-login +password required pam_deny.so -password include system-local-login +session substack system-login +session optional pam_gnome_keyring.so auto_start -session include system-local-login --session optional pam_gnome_keyring.so auto_start diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam index 1c96229f..8357e231 100644 --- a/data/pam-exherbo/gdm-launch-environment.pam +++ b/data/pam-exherbo/gdm-launch-environment.pam @@ -1,11 +1,16 @@ -# this is for the session that gdm spawns to show the login screen +account required pam_nologin.so +account required pam_succeed_if.so audit quiet_success user = gdm +account required pam_permit.so auth required pam_env.so -auth required pam_nologin.so +auth required pam_succeed_if.so audit quiet_success user = gdm auth required pam_permit.so -account include system-local-login +password required pam_deny.so -password include system-local-login +session required pam_loginuid.so +session required pam_systemd.so kill-session-processes=1 +session optional pam_keyinit.so force revoke +session required pam_succeed_if.so audit quiet_success user = gdm +session required pam_permit.so -session include system-local-login diff --git a/data/pam-exherbo/gdm-password.pam b/data/pam-exherbo/gdm-password.pam index 3ad9ce5c..d223f660 100644 --- a/data/pam-exherbo/gdm-password.pam +++ b/data/pam-exherbo/gdm-password.pam @@ -1,18 +1,10 @@ -# mirrors system-auth / system(-local)-login -# except for the authentication method, which is: -# password login +account include system-login -auth required pam_env.so -auth required pam_tally.so file=/var/log/faillog onerr=succeed -auth required pam_shells.so -auth required pam_nologin.so -auth required pam_unix.so try_first_pass likeauth nullok --auth optional pam_gnome_keyring.so +auth substack system-login +auth optional pam_gnome_keyring.so -account include system-local-login +password required pam_deny.so -password include system-local-login - -session include system-local-login --session optional pam_gnome_keyring.so auto_start +session substack system-login +session optional pam_gnome_keyring.so auto_start |