summaryrefslogtreecommitdiff
path: root/data/pam-redhat/gdm-pin.pam
diff options
context:
space:
mode:
authorGiovanni Campagna <gcampagna@src.gnome.org>2013-02-16 17:01:28 +0100
committerRay Strode <rstrode@redhat.com>2013-02-20 09:54:03 -0500
commit63a34df6e049dee4db4d290e4e0ee3b0cd31ad59 (patch)
treea868b4645d5b1cd1d8af108c0a1067b3a83e21d1 /data/pam-redhat/gdm-pin.pam
parentbb7962d91981c2b9a1af7fbca3450c004da92d96 (diff)
downloadgdm-63a34df6e049dee4db4d290e4e0ee3b0cd31ad59.tar.gz
Add gdm-pin service files
Originally, the idea was to have pam-pin as an optional module in gdm-password, but since the PIN can easily get misconfigured, what we want here is to give the user a choice at the login screen, so we want two different conversations at the same time. The pin module is marked requisite, so if it fails we stop before touching the other modules and immediately report to the greeter (which then goes on with gdm-password) https://bugzilla.gnome.org/show_bug.cgi?id=693968
Diffstat (limited to 'data/pam-redhat/gdm-pin.pam')
-rw-r--r--data/pam-redhat/gdm-pin.pam22
1 files changed, 22 insertions, 0 deletions
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
new file mode 100644
index 00000000..75946532
--- /dev/null
+++ b/data/pam-redhat/gdm-pin.pam
@@ -0,0 +1,22 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin