diff options
author | Giovanni Campagna <gcampagna@src.gnome.org> | 2013-02-16 17:01:28 +0100 |
---|---|---|
committer | Ray Strode <rstrode@redhat.com> | 2013-02-20 09:54:03 -0500 |
commit | 63a34df6e049dee4db4d290e4e0ee3b0cd31ad59 (patch) | |
tree | a868b4645d5b1cd1d8af108c0a1067b3a83e21d1 /data/pam-redhat/gdm-pin.pam | |
parent | bb7962d91981c2b9a1af7fbca3450c004da92d96 (diff) | |
download | gdm-63a34df6e049dee4db4d290e4e0ee3b0cd31ad59.tar.gz |
Add gdm-pin service files
Originally, the idea was to have pam-pin as an optional module in gdm-password,
but since the PIN can easily get misconfigured, what we want here is
to give the user a choice at the login screen, so we want two different
conversations at the same time.
The pin module is marked requisite, so if it fails we stop before touching
the other modules and immediately report to the greeter (which then goes
on with gdm-password)
https://bugzilla.gnome.org/show_bug.cgi?id=693968
Diffstat (limited to 'data/pam-redhat/gdm-pin.pam')
-rw-r--r-- | data/pam-redhat/gdm-pin.pam | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam new file mode 100644 index 00000000..75946532 --- /dev/null +++ b/data/pam-redhat/gdm-pin.pam @@ -0,0 +1,22 @@ +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth requisite pam_pin.so +auth substack password-auth +auth optional pam_gnome_keyring.so +auth include postlogin + +account required pam_nologin.so +account include password-auth + +password include password-auth +password optional pam_pin.so + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include password-auth +session optional pam_gnome_keyring.so auto_start +session include postlogin |