[gdm] Add gdm-pin service files

From: Ray Strode <halfline src gnome org>
To: commits-list gnome org
Cc:
Subject: [gdm] Add gdm-pin service files
Date: Wed, 20 Feb 2013 14:57:22 +0000 (UTC)
commit 63a34df6e049dee4db4d290e4e0ee3b0cd31ad59
Author: Giovanni Campagna <gcampagna src gnome org>
Date:   Sat Feb 16 17:01:28 2013 +0100

    Add gdm-pin service files
    
    Originally, the idea was to have pam-pin as an optional module in gdm-password,
    but since the PIN can easily get misconfigured, what we want here is
    to give the user a choice at the login screen, so we want two different
    conversations at the same time.
    The pin module is marked requisite, so if it fails we stop before touching
    the other modules and immediately report to the greeter (which then goes
    on with gdm-password)
    
    https://bugzilla.gnome.org/show_bug.cgi?id=693968

 data/Makefile.am                  |    4 ++++
 data/pam-exherbo/gdm-pin.pam      |   10 ++++++++++
 data/pam-lfs/gdm-pin.pam          |   20 ++++++++++++++++++++
 data/pam-openembedded/gdm-pin.pam |   13 +++++++++++++
 data/pam-redhat/gdm-pin.pam       |   22 ++++++++++++++++++++++
 5 files changed, 69 insertions(+), 0 deletions(-)
---
diff --git a/data/Makefile.am b/data/Makefile.am
index 794cd45..f85b578 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -97,12 +97,14 @@ pam_redhat_files = pam-redhat/gdm.pam               \
        pam-redhat/gdm-fingerprint.pam          \
        pam-redhat/gdm-smartcard.pam            \
        pam-redhat/gdm-password.pam             \
+       pam-redhat/gdm-pin.pam                  \
        $(NULL)
 EXTRA_DIST += $(pam_redhat_files)
 
 pam_openembedded_files = pam-openembedded/gdm.pam      \
        pam-openembedded/gdm-autologin.pam              \
        pam-openembedded/gdm-launch-environment.pam     \
+       pam-openembedded/gdm-pin.pam                    \
        $(NULL)
 EXTRA_DIST += $(pam_openembedded_files)
 
@@ -111,6 +113,7 @@ pam_exherbo_files = pam-exherbo/gdm-autologin.pam \
        pam-exherbo/gdm-fingerprint.pam          \
        pam-exherbo/gdm-smartcard.pam            \
        pam-exherbo/gdm-password.pam             \
+       pam-exherbo/gdm-pin.pam                  \
        $(NULL)
 EXTRA_DIST += $(pam_exherbo_files)
 
@@ -120,6 +123,7 @@ pam_lfs_files = pam-lfs/gdm.pam                     \
        pam-lfs/gdm-fingerprint.pam             \
        pam-lfs/gdm-smartcard.pam               \
        pam-lfs/gdm-password.pam                \
+       pam-lfs/gdm-pin.pam                     \
        $(NULL)
 EXTRA_DIST += $(pam_lfs_files)
 
diff --git a/data/pam-exherbo/gdm-pin.pam b/data/pam-exherbo/gdm-pin.pam
new file mode 100644
index 0000000..d62c773
--- /dev/null
+++ b/data/pam-exherbo/gdm-pin.pam
@@ -0,0 +1,10 @@
+account  include  system-login
+
+auth     requisite pam_pin.so
+auth     substack system-login
+auth     optional pam_gnome_keyring.so
+
+password required pam_deny.so
+
+session  substack system-login
+session  optional pam_gnome_keyring.so auto_start
\ No newline at end of file
diff --git a/data/pam-lfs/gdm-pin.pam b/data/pam-lfs/gdm-pin.pam
new file mode 100644
index 0000000..03d324e
--- /dev/null
+++ b/data/pam-lfs/gdm-pin.pam
@@ -0,0 +1,20 @@
+# Begin /etc/pam.d/gdm-password
+
+auth     requisite      pam_nologin.so
+auth     required       pam_env.so
+
+auth     required       pam_succeed_if.so uid >= 1000 quiet
+auth     requisite      pam_pin.so
+auth     include        system-auth
+auth     optional       pam_gnome_keyring.so
+
+account  include        system-account
+
+session  required       pam_limits.so
+session  include        system-session
+session  optional       pam_gnome_keyring.so auto_start
+
+password include        system-password
+password optional       pam_pin.so
+
+# End /etc/pam.d/gdm-password
diff --git a/data/pam-openembedded/gdm-pin.pam b/data/pam-openembedded/gdm-pin.pam
new file mode 100644
index 0000000..0c53680
--- /dev/null
+++ b/data/pam-openembedded/gdm-pin.pam
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth       required    pam_env.so
+auth       required    pam_succeed_if.so user != root quiet
+auth       requisite   pam_pin.so
+auth       include     common-auth
+account    required    pam_nologin.so
+account    include     common-account
+password   include     common-password
+password   optional    pam_pin.so
+session    optional    pam_keyinit.so force revoke
+session    include     common-session
+session    required    pam_loginuid.so
+session    optional    pam_console.so
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
new file mode 100644
index 0000000..7594653
--- /dev/null
+++ b/data/pam-redhat/gdm-pin.pam
@@ -0,0 +1,22 @@
+auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth        requisite     pam_pin.so
+auth        substack      password-auth
+auth        optional      pam_gnome_keyring.so
+auth        include       postlogin
+
+account     required      pam_nologin.so
+account     include       password-auth
+
+password    include       password-auth
+password    optional      pam_pin.so
+
+session     required      pam_selinux.so close
+session     required      pam_loginuid.so
+session     optional      pam_console.so
+-session    optional    pam_ck_connector.so
+session     required      pam_selinux.so open
+session     optional      pam_keyinit.so force revoke
+session     required      pam_namespace.so
+session     include       password-auth
+session     optional      pam_gnome_keyring.so auto_start
+session     include       postlogin
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]