[gdm] pam: update redhat pam files



commit 139ebd6890e165d3589d10dde565cb6f4295a394
Author: Ray Strode <rstrode redhat com>
Date:   Thu Jul 19 12:11:49 2012 -0400

    pam: update redhat pam files
    
    commit 295d0bc42b11a9473a024b9cdca58bdd9197e905 made it so we
    ship per-distro pam files upstream.
    
    This commit updates those PAM files to be the latest version we
    ship in Fedora.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=675085

 data/pam-redhat/gdm-autologin.pam   |   12 +++++++++---
 data/pam-redhat/gdm-fingerprint.pam |   29 +++++++++++++++--------------
 data/pam-redhat/gdm-password.pam    |   34 ++++++++++++++++++----------------
 data/pam-redhat/gdm-smartcard.pam   |   30 +++++++++++++++---------------
 data/pam-redhat/gdm-welcome.pam     |    2 ++
 5 files changed, 59 insertions(+), 48 deletions(-)
---
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index c4e598a..0616e66 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,10 +1,16 @@
-#%PAM-1.0
+ #%PAM-1.0
 auth       required    pam_env.so
 auth       required    pam_permit.so
+auth       include     postlogin
 account    required    pam_nologin.so
 account    include     system-auth
 password   include     system-auth
-session    optional    pam_keyinit.so force revoke
-session    include     system-auth
+session    required    pam_selinux.so close
 session    required    pam_loginuid.so
 session    optional    pam_console.so
+-session    optional    pam_ck_connector.so
+session    required    pam_selinux.so open
+session    optional    pam_keyinit.so force revoke
+session    required    pam_namespace.so
+session    include     system-auth
+session    include     postlogin
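Review bot: The rewritten first line of this hunk carries a leading space before the marker (` #%PAM-1.0`), whereas gdm-welcome.pam in the same commit keeps it at column 0. libpam should still treat the line as a comment, but packaging or audit tools that recognise PAM service files by this marker at the very start of the file may no longer match it. I would restore `#%PAM-1.0` at column 0, unless the space is only an artefact of how this mail was archived.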
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
index 1a1c777..684ac95 100644
--- a/data/pam-redhat/gdm-fingerprint.pam
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -1,17 +1,18 @@
-# Sample PAM file for doing fingerprint authentication.
-# Distros should replace this with what makes sense for them.
-auth        required      pam_env.so
-auth        required      pam_fprintd.so
-auth        sufficient    pam_succeed_if.so uid >= 500 quiet
-auth        required      pam_deny.so
+auth        substack      fingerprint-auth
+auth        required      pam_succeed_if.so user != root quiet
+auth        include       postlogin
 
-account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     required      pam_permit.so
+account     required      pam_nologin.so
+account     include       fingerprint-auth
 
-password    required      pam_deny.so
+password    include       fingerprint-auth
 
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     required      pam_unix.so
+session     required      pam_selinux.so close
+session     required      pam_loginuid.so
+session     optional      pam_console.so
+-session    optional    pam_ck_connector.so
+session     required      pam_selinux.so open
+session     optional      pam_keyinit.so force revoke
+session     required      pam_namespace.so
+session     include       fingerprint-auth
+session     include       postlogin
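Review bot: The root guard added after the substack, `auth required pam_succeed_if.so user != root quiet`, compares the login name as a string, so it rejects only the account literally named root, whereas the removed `uid >= 500` test rejected every system account. Any other account with UID 0, and low-UID service accounts, are now filtered only by whatever fingerprint-auth does, and that file is not part of this commit. If the intent is to keep the superuser out of graphical logins, a numeric test such as `auth required pam_succeed_if.so uid ne 0 quiet` would also cover UID-0 aliases. The same line appears in the gdm-password.pam and gdm-smartcard.pam hunks.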
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
index bac431d..650534c 100644
--- a/data/pam-redhat/gdm-password.pam
+++ b/data/pam-redhat/gdm-password.pam
@@ -1,19 +1,21 @@
-# Sample PAM file for doing password authentication.
-# Distros should replace this with what makes sense for them.
-auth        required      pam_env.so
-auth        sufficient    pam_unix.so nullok try_first_pass
-auth        requisite     pam_succeed_if.so uid >= 500 quiet
-auth        required      pam_deny.so
+auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth        substack      password-auth
+auth        required      pam_succeed_if.so user != root quiet
+auth        optional      pam_gnome_keyring.so
+auth        include       postlogin
 
-account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     required      pam_permit.so
+account     required      pam_nologin.so
+account     include       password-auth
 
-password    requisite     pam_cracklib.so try_first_pass retry=3 type=
-password    sufficient    pam_unix.so nullok try_first_pass use_authtok
-password    required      pam_deny.so
+password    include       password-auth
 
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     required      pam_unix.so
+session     required      pam_selinux.so close
+session     required      pam_loginuid.so
+session     optional      pam_console.so
+-session    optional    pam_ck_connector.so
+session     required      pam_selinux.so open
+session     optional      pam_keyinit.so force revoke
+session     required      pam_namespace.so
+session     include       password-auth
+session     optional      pam_gnome_keyring.so auto_start
+session     include       postlogin
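Review bot: The new first auth rule, `auth [success=done ignore=ignore default=bad] pam_selinux_permit.so`, ends the auth stack with success before password-auth or the root check run whenever the module returns success, and nothing in the file says so. As I read the module's documentation, it succeeds for users listed in its configuration file (by default /etc/security/sepermit.conf) while SELinux is enforcing, so that file in effect lists accounts that can log in without a password. A comment above the rule would make this visible to anyone auditing the stack, for example `# Accounts listed in sepermit.conf are admitted here without a password (SELinux enforcing only); keep that list minimal.`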
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
index d5ac1fa..1c8c7b1 100644
--- a/data/pam-redhat/gdm-smartcard.pam
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -1,18 +1,18 @@
-# Sample PAM file for doing smartcard authentication.
-# Distros should replace this with what makes sense for them.
-auth        required      pam_env.so
-auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
-auth        requisite     pam_succeed_if.so uid >= 500 quiet
-auth        required      pam_deny.so
+auth        substack      smartcard-auth
+auth        required      pam_succeed_if.so user != root quiet
+auth        include       postlogin
 
-account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     required      pam_permit.so
+account     required      pam_nologin.so
+account     include       smartcard-auth
 
-password    optional      pam_pkcs11.so
-password    requisite     pam_cracklib.so try_first_pass retry=3 type=
+password    include       smartcard-auth
 
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     required      pam_unix.so
+session     required      pam_selinux.so close
+session     required      pam_loginuid.so
+session     optional      pam_console.so
+-session    optional    pam_ck_connector.so
+session     required      pam_selinux.so open
+session     optional      pam_keyinit.so force revoke
+session     required      pam_namespace.so
+session     include       smartcard-auth
+session     include       postlogin
diff --git a/data/pam-redhat/gdm-welcome.pam b/data/pam-redhat/gdm-welcome.pam
index b301f4f..17f323e 100644
--- a/data/pam-redhat/gdm-welcome.pam
+++ b/data/pam-redhat/gdm-welcome.pam
@@ -1,9 +1,11 @@
 #%PAM-1.0
 auth       required    pam_env.so
 auth       required    pam_permit.so
+auth       include     postlogin
 account    required    pam_nologin.so
 account    include     system-auth
 password   include     system-auth
 session    required    pam_loginuid.so
 session    optional    pam_keyinit.so force revoke
 session    include     system-auth
+session    include     postlogin


