diff options
Diffstat (limited to 'data/pam-redhat')
-rw-r--r-- | data/pam-redhat/gdm-autologin.pam | 12 | ||||
-rw-r--r-- | data/pam-redhat/gdm-fingerprint.pam | 29 | ||||
-rw-r--r-- | data/pam-redhat/gdm-password.pam | 34 | ||||
-rw-r--r-- | data/pam-redhat/gdm-smartcard.pam | 30 | ||||
-rw-r--r-- | data/pam-redhat/gdm-welcome.pam | 2 |
5 files changed, 59 insertions, 48 deletions
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam index c4e598af..0616e66f 100644 --- a/data/pam-redhat/gdm-autologin.pam +++ b/data/pam-redhat/gdm-autologin.pam @@ -1,10 +1,16 @@ -#%PAM-1.0 + #%PAM-1.0 auth required pam_env.so auth required pam_permit.so +auth include postlogin account required pam_nologin.so account include system-auth password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth +session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include system-auth +session include postlogin diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam index 1a1c7772..684ac95f 100644 --- a/data/pam-redhat/gdm-fingerprint.pam +++ b/data/pam-redhat/gdm-fingerprint.pam @@ -1,17 +1,18 @@ -# Sample PAM file for doing fingerprint authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth required pam_fprintd.so -auth sufficient pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so +auth substack fingerprint-auth +auth required pam_succeed_if.so user != root quiet +auth include postlogin -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so +account required pam_nologin.so +account include fingerprint-auth -password required pam_deny.so +password include fingerprint-auth -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include fingerprint-auth +session include postlogin diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam index bac431d3..650534ce 100644 --- a/data/pam-redhat/gdm-password.pam +++ b/data/pam-redhat/gdm-password.pam @@ -1,19 +1,21 @@ -# Sample PAM file for doing password authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth substack password-auth +auth required pam_succeed_if.so user != root quiet +auth optional pam_gnome_keyring.so +auth include postlogin -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so +account required pam_nologin.so +account include password-auth -password requisite pam_cracklib.so try_first_pass retry=3 type= -password sufficient pam_unix.so nullok try_first_pass use_authtok -password required pam_deny.so +password include password-auth -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include password-auth +session optional pam_gnome_keyring.so auto_start +session include postlogin diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam index d5ac1fab..1c8c7b15 100644 --- a/data/pam-redhat/gdm-smartcard.pam +++ b/data/pam-redhat/gdm-smartcard.pam @@ -1,18 +1,18 @@ -# Sample PAM file for doing smartcard authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so +auth substack smartcard-auth +auth required pam_succeed_if.so user != root quiet +auth include postlogin -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so +account required pam_nologin.so +account include smartcard-auth -password optional pam_pkcs11.so -password requisite pam_cracklib.so try_first_pass retry=3 type= +password include smartcard-auth -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include smartcard-auth +session include postlogin diff --git a/data/pam-redhat/gdm-welcome.pam b/data/pam-redhat/gdm-welcome.pam index b301f4f9..17f323e1 100644 --- a/data/pam-redhat/gdm-welcome.pam +++ b/data/pam-redhat/gdm-welcome.pam @@ -1,9 +1,11 @@ #%PAM-1.0 auth required pam_env.so auth required pam_permit.so +auth include postlogin account required pam_nologin.so account include system-auth password include system-auth session required pam_loginuid.so session optional pam_keyinit.so force revoke session include system-auth +session include postlogin |