[gdm] pam: don't call into pam_unix if pam_gdm fails for autolgoin

From: Ray Strode <halfline src gnome org>
To: commits-list gnome org
Cc:
Subject: [gdm] pam: don't call into pam_unix if pam_gdm fails for autolgoin
Date: Tue, 30 Aug 2016 20:41:07 +0000 (UTC)

commit aa7fbd983aa0a6e7b8208530e2e64a4faa55984d
Author: Ray Strode <rstrode redhat com>
Date:   Tue Aug 30 15:58:15 2016 -0400

    pam: don't call into pam_unix if pam_gdm fails for autolgoin
    
    If pam_gdm fails we shouldn't call into pam_unix since it can lead
    to the system asking for a password, and autologin isn't equipped for
    that.
    
    This commit changes the pam configuration to jump to pam_permit if
    pam_gdm fails.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=770612

 data/pam-exherbo/gdm-autologin.pam |    2 +-
 data/pam-redhat/gdm-autologin.pam  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/data/pam-exherbo/gdm-autologin.pam b/data/pam-exherbo/gdm-autologin.pam
index 08f14a6..61f8e54 100644
--- a/data/pam-exherbo/gdm-autologin.pam
+++ b/data/pam-exherbo/gdm-autologin.pam
@@ -2,7 +2,7 @@
 # except for the authentication method, which is:
 # always permit login
 
-auth        optional    pam_gdm.so
+auth        [success=ok default=2] pam_gdm.so
 auth        substack    system-local-login
 -auth       optional    pam_gnome_keyring.so
 auth        sufficient  pam_permit.so
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index c2efea8..fbc9d9c 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,5 +1,5 @@
  #%PAM-1.0
-auth       optional    pam_gdm.so
+auth       [success=ok default=2]    pam_gdm.so
 auth       substack    password-auth
 auth       optional    pam_gnome_keyring.so
 auth       sufficient  pam_permit.so

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]