diff options
author | Colin Walters <walters@verbum.org> | 2012-07-08 16:58:41 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2012-07-10 10:26:53 -0400 |
commit | f42e685e271015d5cc5d52342a8832010f65c5d2 (patch) | |
tree | 9efa2aa2e54b332baa6420ac8f7c5fa3c55c3a46 /data/pam-redhat/gdm-smartcard.pam | |
parent | a325fcbc8f6fc138057fb2812c4f2d32ecc1346c (diff) | |
download | gdm-f42e685e271015d5cc5d52342a8832010f65c5d2.tar.gz |
Clean up PAM build/install rules; move to pam-redhat
The build system was inconsistent in its handling of pam files. The
multistack files had names ending in .pam, which we copied to an
unsuffixed file, and installed via pam_DATA. The non-multistack files
had unsuffixed filenames in the source, which we installed manually
via install-data-local.
Let's clean this up by naming every file with ".pam", and do the
rename when we put them in the install root. This is faster and
requires less makefile boilerplate to copy the files during the build
process.
Note: This also drops the previous crappy implementation of a
configuration management scheme where we only installed the files if
they didn't already exist. I'm not aware of anyone who actually uses
'make install' for gdm and cares about that semantic.
Finally, because all of these pam files are Red Hat specific, move
them to a separate pam-redhat directory, to ease the addition of a
future patch which adds PAM files for different systems.
https://bugzilla.gnome.org/show_bug.cgi?id=675085
Diffstat (limited to 'data/pam-redhat/gdm-smartcard.pam')
-rw-r--r-- | data/pam-redhat/gdm-smartcard.pam | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam new file mode 100644 index 00000000..d5ac1fab --- /dev/null +++ b/data/pam-redhat/gdm-smartcard.pam @@ -0,0 +1,18 @@ +# Sample PAM file for doing smartcard authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password optional pam_pkcs11.so +password requisite pam_cracklib.so try_first_pass retry=3 type= + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so |