authorRay Strode <rstrode@redhat.com>2012-07-19 12:11:49 -0400
committerRay Strode <rstrode@redhat.com>2012-07-19 12:14:34 -0400
commit139ebd6890e165d3589d10dde565cb6f4295a394 (patch)
tree5a91583f3c8b578f5ee2a0ff5916ba766a6983bd /data/pam-redhat
parent0176ed8de6f45344a4bd1e42eba080144974dc05 (diff)
pam: update redhat pam files
Commit 295d0bc42b11a9473a024b9cdca58bdd9197e905 made it so we ship per-distro PAM files upstream. This commit updates those PAM files to the latest version we ship in Fedora. https://bugzilla.gnome.org/show_bug.cgi?id=675085
Diffstat (limited to 'data/pam-redhat')
-rw-r--r--data/pam-redhat/gdm-autologin.pam12
-rw-r--r--data/pam-redhat/gdm-fingerprint.pam29
-rw-r--r--data/pam-redhat/gdm-password.pam34
-rw-r--r--data/pam-redhat/gdm-smartcard.pam30
-rw-r--r--data/pam-redhat/gdm-welcome.pam2
5 files changed, 59 insertions, 48 deletions
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index c4e598af..0616e66f 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,10 +1,16 @@
-#%PAM-1.0
+ #%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
+auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
-session optional pam_keyinit.so force revoke
-session include system-auth
+session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session include postlogin
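Review bot: The autologin stack still authenticates with `pam_permit.so` and, unlike the fingerprint, password and smartcard files updated in this commit, gets no `pam_succeed_if.so user != root` guard. If the daemon's own configuration check is the only thing that refuses a root autologin (not visible in this diff), adding `auth required pam_succeed_if.so user != root quiet_success` before `auth include postlogin` would make the PAM layer refuse it as well. Separately, the new first line reads ` #%PAM-1.0` with a leading space; if that is not intentional, `#%PAM-1.0` should stay at column 0 so the header is recognised the same way as in gdm-welcome.pam.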
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
index 1a1c7772..684ac95f 100644
--- a/data/pam-redhat/gdm-fingerprint.pam
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -1,17 +1,18 @@
-# Sample PAM file for doing fingerprint authentication.
-# Distros should replace this with what makes sense for them.
-auth required pam_env.so
-auth required pam_fprintd.so
-auth sufficient pam_succeed_if.so uid >= 500 quiet
-auth required pam_deny.so
+auth substack fingerprint-auth
+auth required pam_succeed_if.so user != root quiet
+auth include postlogin
-account required pam_unix.so
-account sufficient pam_localuser.so
-account sufficient pam_succeed_if.so uid < 500 quiet
-account required pam_permit.so
+account required pam_nologin.so
+account include fingerprint-auth
-password required pam_deny.so
+password include fingerprint-auth
-session optional pam_keyinit.so revoke
-session required pam_limits.so
-session required pam_unix.so
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
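Review bot: The root guard `auth required pam_succeed_if.so user != root quiet` uses `quiet`, which suppresses the module's log entry for failures as well as successes, so a refused root login at the greeter leaves no trace from this rule. `auth required pam_succeed_if.so user != root quiet_success` keeps the normal path silent and still records the denial in the auth log. Because the control is `required` rather than `requisite`, the stack also runs on into `postlogin` after the guard has failed; `requisite` would stop there, if nothing in postlogin is meant to run for a refused login. The same line appears in the gdm-password.pam and gdm-smartcard.pam hunks.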
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
index bac431d3..650534ce 100644
--- a/data/pam-redhat/gdm-password.pam
+++ b/data/pam-redhat/gdm-password.pam
@@ -1,19 +1,21 @@
-# Sample PAM file for doing password authentication.
-# Distros should replace this with what makes sense for them.
-auth required pam_env.so
-auth sufficient pam_unix.so nullok try_first_pass
-auth requisite pam_succeed_if.so uid >= 500 quiet
-auth required pam_deny.so
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth substack password-auth
+auth required pam_succeed_if.so user != root quiet
+auth optional pam_gnome_keyring.so
+auth include postlogin
-account required pam_unix.so
-account sufficient pam_localuser.so
-account sufficient pam_succeed_if.so uid < 500 quiet
-account required pam_permit.so
+account required pam_nologin.so
+account include password-auth
-password requisite pam_cracklib.so try_first_pass retry=3 type=
-password sufficient pam_unix.so nullok try_first_pass use_authtok
-password required pam_deny.so
+password include password-auth
-session optional pam_keyinit.so revoke
-session required pam_limits.so
-session required pam_unix.so
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
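Review bot: The first auth line, `[success=done ignore=ignore default=bad] pam_selinux_permit.so`, ends the auth stack with success whenever the module accepts the user, so no password is asked and neither `password-auth` nor the root guard below it runs. With the old header comment removed, nothing in the file explains that this is a deliberate passwordless path for the accounts named in the module's configuration (by default /etc/security/sepermit.conf). A comment above the line would help anyone auditing the file, for example `# passwordless login for users listed in sepermit.conf; success=done skips everything below`.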
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
index d5ac1fab..1c8c7b15 100644
--- a/data/pam-redhat/gdm-smartcard.pam
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -1,18 +1,18 @@
-# Sample PAM file for doing smartcard authentication.
-# Distros should replace this with what makes sense for them.
-auth required pam_env.so
-auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
-auth requisite pam_succeed_if.so uid >= 500 quiet
-auth required pam_deny.so
+auth substack smartcard-auth
+auth required pam_succeed_if.so user != root quiet
+auth include postlogin
-account required pam_unix.so
-account sufficient pam_localuser.so
-account sufficient pam_succeed_if.so uid < 500 quiet
-account required pam_permit.so
+account required pam_nologin.so
+account include smartcard-auth
-password optional pam_pkcs11.so
-password requisite pam_cracklib.so try_first_pass retry=3 type=
+password include smartcard-auth
-session optional pam_keyinit.so revoke
-session required pam_limits.so
-session required pam_unix.so
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin
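Review bot: The smartcard policy itself is no longer readable from this file: the old `pam_pkcs11.so wait_for_card card_only` line is gone and everything is delegated to a `smartcard-auth` stack and a `postlogin` stack that are not among the files touched here. A short header comment should name those two files as requirements and say which package or tool provides them, so that a reviewer of gdm-smartcard.pam knows where card-only enforcement is now decided. The same applies to `fingerprint-auth` in gdm-fingerprint.pam and `password-auth` in gdm-password.pam, which also lost their header comments in this commit.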
diff --git a/data/pam-redhat/gdm-welcome.pam b/data/pam-redhat/gdm-welcome.pam
index b301f4f9..17f323e1 100644
--- a/data/pam-redhat/gdm-welcome.pam
+++ b/data/pam-redhat/gdm-welcome.pam
@@ -1,9 +1,11 @@
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
+auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
+session include postlogin