Clean up PAM build/install rules; move to pam-redhat

The build system was inconsistent in its handling of pam files.  The
multistack files had names ending in .pam, which we copied to an
unsuffixed file, and installed via pam_DATA.  The non-multistack files
had unsuffixed filenames in the source, which we installed manually
via install-data-local.

Let's clean this up by naming every file with ".pam", and do the
rename when we put them in the install root.  This is faster and
requires less makefile boilerplate to copy the files during the build
process.

Note: This also drops the previous crappy implementation of a
configuration management scheme where we only installed the files if
they didn't already exist.  I'm not aware of anyone who actually uses
'make install' for gdm and cares about that semantic.

Finally, because all of these pam files are Red Hat specific, move
them to a separate pam-redhat directory, to ease the addition of a
future patch which adds PAM files for different systems.

https://bugzilla.gnome.org/show_bug.cgi?id=675085

1 files changed, 17 insertions, 0 deletions

diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
new file mode 100644
index 00000000..1a1c7772
--- /dev/null
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -0,0 +1,17 @@
+# Sample PAM file for doing fingerprint authentication.
+# Distros should replace this with what makes sense for them.
+auth        required      pam_env.so
+auth        required      pam_fprintd.so
+auth        sufficient    pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
+
+account     required      pam_unix.so
+account     sufficient    pam_localuser.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
+password    required      pam_deny.so
+
+session     optional      pam_keyinit.so revoke
+session     required      pam_limits.so
+session     required      pam_unix.so