Add default PAM configuration

3 files changed, 54 insertions, 0 deletions

diff --git a/data/pam/lightdm b/data/pam/lightdm
new file mode 100644
index 00000000..45ea314e
--- /dev/null
+++ b/data/pam/lightdm
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+# Block login if they are disabled
+auth      required pam_nologin.so
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth      required pam_env.so
+
+# Use /etc/passwd and /etc/shadow for passwords
+auth      required pam_unix.so
+
+# Check account is active, change password if required
+account   required pam_unix.so
+
+# Allow password to be changed
+password  required pam_unix.so
+
+# Setup session
+session   required pam_unix.so
diff --git a/data/pam/lightdm-autologin b/data/pam/lightdm-autologin
new file mode 100644
index 00000000..412ca5d4
--- /dev/null
+++ b/data/pam/lightdm-autologin
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+# Block login if they are globally disabled
+auth      required pam_nologin.so
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth      required pam_env.so
+
+# Use /etc/passwd and /etc/shadow for passwords
+auth      required pam_unix.so
+
+# Stop autologin if account requires action
+account   required pam_unix.so
+
+# Can't change password
+password  required pam_deny.so
+
+# Setup session
+session   required pam_unix.so
diff --git a/data/pam/lightdm-greeter b/data/pam/lightdm-greeter
new file mode 100644
index 00000000..217c1d32
--- /dev/null
+++ b/data/pam/lightdm-greeter
@@ -0,0 +1,16 @@
+#%PAM-1.0
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth      required pam_env.so
+
+# Always let the greeter start without authentication
+auth      required pam_permit.so
+
+# No action required for account management
+account   required pam_permit.so
+
+# Can't change password
+password  required pam_deny.so
+
+# Setup session
+session   required pam_unix.so