pam-exherbo: update to reflect pam changes

Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
author: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> 2022-01-26 15:57:18 +0100
committer: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> 2022-01-26 16:58:01 +0100
commit: be8d893ab1ad78e7e72068145c5481f82462267e (patch)
tree: 45b215f576f14cfea7a8e5dd8524c617bd0fdae7 /data
parent: 8b1237c7b1f3a42d57564098b5a5ff5282849f02 (diff)
download: gdm-be8d893ab1ad78e7e72068145c5481f82462267e.tar.gz
5 files changed, 36 insertions, 31 deletions
diff --git a/data/pam-exherbo/gdm-autologin.pam b/data/pam-exherbo/gdm-autologin.pam
index 1324f36d..283cd870 100644
--- a/data/pam-exherbo/gdm-autologin.pam
+++ b/data/pam-exherbo/gdm-autologin.pam
@@ -1,9 +1,7 @@
-# mirrors system-auth / system(-local)-login
-# except for the authentication method, which is:
-# always permit login
+#%PAM-1.0
 
 auth        [success=ok default=1] pam_gdm.so
--auth       optional    pam_gnome_keyring.so
+auth        optional    pam_gnome_keyring.so
 auth        sufficient  pam_permit.so
 
 account     include     system-local-login
@@ -11,4 +9,4 @@ account     include     system-local-login
 password    include     system-local-login
 
 session     include     system-local-login
--session    optional    pam_gnome_keyring.so auto_start
+session     optional    pam_gnome_keyring.so auto_start
diff --git a/data/pam-exherbo/gdm-fingerprint.pam b/data/pam-exherbo/gdm-fingerprint.pam
index 41639ece..ab8f7baf 100644
--- a/data/pam-exherbo/gdm-fingerprint.pam
+++ b/data/pam-exherbo/gdm-fingerprint.pam
@@ -1,10 +1,16 @@
-account  include  system-login
+#%PAM-1.0
 
-auth     substack fingerprint-auth
-auth     optional pam_gnome_keyring.so
+auth        required    pam_shells.so
+auth        required    pam_nologin.so
+auth        required    pam_faillock.so preauth
+auth        required    pam_fprintd.so
+auth        required    pam_env.so
+auth        [success=ok default=1] pam_gdm.so
+auth        optional    pam_gnome_keyring.so
 
-password required pam_deny.so
+account     include     system-local-login
 
-session  substack system-login
-session  optional pam_gnome_keyring.so auto_start
+password    include     system-local-login
 
+session     include     system-local-login
+session     optional    pam_gnome_keyring.so auto_start
diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam
index 51a8e003..5df4c1ab 100644
--- a/data/pam-exherbo/gdm-launch-environment.pam
+++ b/data/pam-exherbo/gdm-launch-environment.pam
@@ -1,15 +1,16 @@
-account     required    pam_nologin.so
-account     required    pam_succeed_if.so audit quiet_success user = gdm
-account     required    pam_permit.so
+#%PAM-1.0
 
-auth        required    pam_env.so
 auth        required    pam_succeed_if.so audit quiet_success user = gdm
 auth        required    pam_permit.so
+auth        required    pam_env.so
+
+account     required    pam_succeed_if.so audit quiet_success user = gdm
+account     required    pam_permit.so
 
 password    required    pam_deny.so
 
--session    optional    pam_systemd.so
+session     optional    pam_loginuid.so
 session     optional    pam_keyinit.so force revoke
 session     required    pam_succeed_if.so audit quiet_success user = gdm
 session     required    pam_permit.so
-
+-session    optional    pam_systemd.so
diff --git a/data/pam-exherbo/gdm-password.pam b/data/pam-exherbo/gdm-password.pam
index d223f660..d462030a 100644
--- a/data/pam-exherbo/gdm-password.pam
+++ b/data/pam-exherbo/gdm-password.pam
@@ -1,10 +1,12 @@
-account  include  system-login
+#%PAM-1.0
 
-auth     substack system-login
+auth     include  system-local-login
 auth     optional pam_gnome_keyring.so
 
-password required pam_deny.so
+account  include  system-local-login
 
-session  substack system-login
-session  optional pam_gnome_keyring.so auto_start
+password include  system-local-login
+password optional pam_gnome_keyring.so use_authtok
 
+session  include  system-local-login
+session  optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-exherbo/gdm-smartcard.pam b/data/pam-exherbo/gdm-smartcard.pam
index 0623c6ed..da650b86 100644
--- a/data/pam-exherbo/gdm-smartcard.pam
+++ b/data/pam-exherbo/gdm-smartcard.pam
@@ -1,18 +1,16 @@
-# mirrors system-auth / system(-local)-login
-# except for the authentication method, which is:
-# smartcard login
+#%PAM-1.0
 
-auth        required    pam_env.so
-auth        required    pam_tally.so file=/var/log/faillog onerr=succeed
 auth        required    pam_shells.so
 auth        required    pam_nologin.so
-auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
--auth       optional    pam_gnome_keyring.so
+auth        required    pam_faillock.so preauth
+auth        required    pam_pkcs11.so wait_for_card card_only
+auth        required    pam_env.so
+auth        [success=ok default=1] pam_gdm.so
+auth        optional    pam_gnome_keyring.so
 
 account     include     system-local-login
 
 password    include     system-local-login
 
 session     include     system-local-login
--session    optional    pam_gnome_keyring.so auto_start
-
+session     optional    pam_gnome_keyring.so auto_start
author	Marc-Antoine Perennou <Marc-Antoine@Perennou.com>	2022-01-26 15:57:18 +0100
committer	Marc-Antoine Perennou <Marc-Antoine@Perennou.com>	2022-01-26 16:58:01 +0100
commit	be8d893ab1ad78e7e72068145c5481f82462267e (patch)
tree	45b215f576f14cfea7a8e5dd8524c617bd0fdae7 /data
parent	8b1237c7b1f3a42d57564098b5a5ff5282849f02 (diff)
download	gdm-be8d893ab1ad78e7e72068145c5481f82462267e.tar.gz