author | Colin Walters <walters@verbum.org> | 2012-07-08 16:58:41 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2012-07-10 10:26:53 -0400 |
commit | f42e685e271015d5cc5d52342a8832010f65c5d2 (patch) | |
tree | 9efa2aa2e54b332baa6420ac8f7c5fa3c55c3a46 /data/pam-redhat | |
parent | a325fcbc8f6fc138057fb2812c4f2d32ecc1346c (diff) | |
download | gdm-f42e685e271015d5cc5d52342a8832010f65c5d2.tar.gz |
Clean up PAM build/install rules; move to pam-redhat

The build system was inconsistent in its handling of pam files. The
multistack files had names ending in .pam, which we copied to an
unsuffixed file, and installed via pam_DATA. The non-multistack files
had unsuffixed filenames in the source, which we installed manually
via install-data-local.

Let's clean this up by naming every file with ".pam", and do the
rename when we put them in the install root. This is faster and
requires less makefile boilerplate to copy the files during the build
process.

Note: This also drops the previous crappy implementation of a
configuration management scheme where we only installed the files if
they didn't already exist. I'm not aware of anyone who actually uses
'make install' for gdm and cares about that semantic.

Finally, because all of these pam files are Red Hat specific, move
them to a separate pam-redhat directory, to ease the addition of a
future patch which adds PAM files for different systems.

https://bugzilla.gnome.org/show_bug.cgi?id=675085
Diffstat (limited to 'data/pam-redhat')
-rw-r--r-- | data/pam-redhat/gdm-autologin.pam | 10 | ||||
-rw-r--r-- | data/pam-redhat/gdm-fingerprint.pam | 17 | ||||
-rw-r--r-- | data/pam-redhat/gdm-password.pam | 19 | ||||
-rw-r--r-- | data/pam-redhat/gdm-smartcard.pam | 18 | ||||
-rw-r--r-- | data/pam-redhat/gdm-welcome.pam | 9 | ||||
-rw-r--r-- | data/pam-redhat/gdm.pam | 12 |
6 files changed, 85 insertions, 0 deletions
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam new file mode 100644 index 00000000..c4e598af --- /dev/null +++ b/data/pam-redhat/gdm-autologin.pam @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so +session optional pam_console.so diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam new file mode 100644 index 00000000..1a1c7772 --- /dev/null +++ b/data/pam-redhat/gdm-fingerprint.pam @@ -0,0 +1,17 @@ +# Sample PAM file for doing fingerprint authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth required pam_fprintd.so +auth sufficient pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam new file mode 100644 index 00000000..bac431d3 --- /dev/null +++ b/data/pam-redhat/gdm-password.pam 
@@ -0,0 +1,19 @@ +# Sample PAM file for doing password authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth sufficient pam_unix.so nullok try_first_pass +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password requisite pam_cracklib.so try_first_pass retry=3 type= +password sufficient pam_unix.so nullok try_first_pass use_authtok +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam new file mode 100644 index 00000000..d5ac1fab --- /dev/null +++ b/data/pam-redhat/gdm-smartcard.pam @@ -0,0 +1,18 @@ +# Sample PAM file for doing smartcard authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password optional pam_pkcs11.so +password requisite pam_cracklib.so try_first_pass retry=3 type= + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/data/pam-redhat/gdm-welcome.pam b/data/pam-redhat/gdm-welcome.pam new file mode 100644 index 00000000..b301f4f9 --- /dev/null +++ b/data/pam-redhat/gdm-welcome.pam 
@@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +account required pam_nologin.so +account include system-auth +password include system-auth +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include system-auth diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam new file mode 100644 index 00000000..58c397d9 --- /dev/null +++ b/data/pam-redhat/gdm.pam @@ -0,0 +1,12 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so +session optional pam_console.so |
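Review bot: data/pam-redhat/gdm-autologin.pam has no root guard in its auth stack. The only auth lines are `auth required pam_env.so` and `auth required pam_permit.so`, so the service authenticates whatever user name it is handed, while gdm.pam in the same patch starts with `auth required pam_succeed_if.so user != root quiet`. Consider adding that same line above `pam_permit.so` so that a misconfigured automatic login cannot open a root session.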
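Review bot: data/pam-redhat/gdm-fingerprint.pam opens with the comment "Sample PAM file ... Distros should replace this with what makes sense for them", which no longer fits a file that now lives under pam-redhat and is described in the commit message as Red Hat specific. Reword the two comment lines to say which system the stack targets, and add the `#%PAM-1.0` first line that gdm.pam, gdm-autologin.pam and gdm-welcome.pam carry; the same applies to the headers of gdm-password.pam and gdm-smartcard.pam.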
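Review bot: data/pam-redhat/gdm-password.pam places `auth requisite pam_succeed_if.so uid >= 500 quiet` after `auth sufficient pam_unix.so nullok try_first_pass`, so the uid check never affects the result. A correct password returns success at the `sufficient` line before the check is evaluated, and a wrong one ends at `auth required pam_deny.so` whatever the check says. If the intent is to keep accounts below uid 500 out of the password login, move the check above `pam_unix.so`; otherwise drop it. Note that gdm-fingerprint.pam uses `sufficient` on the same line, where it does gate the result, so the two stacks enforce different policies. The `nullok` option on the auth line also lets accounts with an empty password through the graphical login and deserves a comment or removal.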
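Review bot: data/pam-redhat/gdm-smartcard.pam has a password stack that stops at `password requisite pam_cracklib.so try_first_pass retry=3 type=`, with no module after it that stores the new token and no terminating `pam_deny.so`. gdm-password.pam follows the same cracklib line with `password sufficient pam_unix.so ...` and `password required pam_deny.so`, and gdm-fingerprint.pam simply uses `password required pam_deny.so`. Pick one of those two shapes here so that a password change through this service either works or is refused explicitly.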
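Review bot: data/pam-redhat/gdm-welcome.pam orders its session lines differently from the other two `#%PAM-1.0` files in this patch. Here `session required pam_loginuid.so` comes first, followed by `pam_keyinit.so` and `session include system-auth`, whereas gdm.pam and gdm-autologin.pam run `pam_keyinit.so`, then the include, then `pam_loginuid.so`. If the different order is intentional for the greeter session, say so in a comment; otherwise align the three files.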
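Review bot: data/pam-redhat/gdm.pam needs a comment above `auth sufficient pam_succeed_if.so user ingroup nopasswdlogin`. That line ends the auth stack with success for any member of the `nopasswdlogin` group before `auth include system-auth` asks for a credential, and nothing in the file tells an administrator that group membership means a passwordless login. A one-line comment naming the group and its effect would do, and it is worth keeping the `user != root` check above it as it is now so that root can never take that path.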