[gnome-build-meta/tristan/gnome-boot: 6/11] core/gdm.bst: Added custom GDM pam configuration
- From: Tristan Van Berkom <tvb src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-build-meta/tristan/gnome-boot: 6/11] core/gdm.bst: Added custom GDM pam configuration
- Date: Wed, 17 Jul 2019 12:09:56 +0000 (UTC)
commit 7253316b2c6352c296ff2a65a0def726d45f32aa
Author: Tristan Van Berkom <tristan vanberkom codethink co uk>
Date: Fri Jul 12 19:13:36 2019 +0900
core/gdm.bst: Added custom GDM pam configuration
Our PAM configuration resembles the redhat one, but we do not
use selinux, and we do not build PAM with the third party patch
which enables the pam_console.so module, so we need a different
variant.
Eventually we could upstream a GNOME configuration for
GDM integration into GNOME system images.
elements/core/gdm.bst | 9 ++++++++-
files/gdm/gdm-autologin.pam | 13 +++++++++++++
files/gdm/gdm-fingerprint.pam | 13 +++++++++++++
files/gdm/gdm-launch-environment.pam | 9 +++++++++
files/gdm/gdm-password.pam | 16 ++++++++++++++++
files/gdm/gdm-pin.pam | 17 +++++++++++++++++
files/gdm/gdm-smartcard.pam | 13 +++++++++++++
7 files changed, 89 insertions(+), 1 deletion(-)
---
diff --git a/elements/core/gdm.bst b/elements/core/gdm.bst
index d3ae046f..76601dcd 100644
--- a/elements/core/gdm.bst
+++ b/elements/core/gdm.bst
@@ -21,10 +21,10 @@ depends:
junction: freedesktop-sdk.bst
variables:
sysusersdir: "%{prefix}/lib/sysusers.d"
+ pamdir: "%{sysconfdir}/pam.d"
conf-local: >-
--enable-wayland-support
--with-pam-prefix=%{sysconfdir}
- --with-default-pam-config=lfs
--with-run-dir=/run/gdm
--with-plymouth=no
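Review bot: Dropping `--with-default-pam-config=lfs` from `conf-local` without a replacement leaves the choice of GDM's stock PAM files to configure's autodetection, which, as far as I recall, probes release files in the build environment. Since this commit installs its own files afterwards, `--with-default-pam-config=none` would pin the intent and keep a distribution variant from landing in `%{pamdir}` next to the custom ones. The `conf-local` value continues past the end of this hunk, so later options are not visible here.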
@@ -33,3 +33,10 @@ config:
(>):
- mkdir -p %{install-root}%{sysusersdir}
- install -m 644 gdm-config/gdm-sysusers.conf %{install-root}%{sysusersdir}/gdm.conf
+
+ - mkdir -p %{pamdir}
+ - |
+ # Our configuration is similar to redhat but without selinux
+ for conffile in `find gdm-config/ -name "*.pam"`; do
+ install -m 644 $conffile %{install-root}%{pamdir}/$(basename ${conffile%.pam})
+ done
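Review bot: The added `mkdir -p %{pamdir}` creates the directory in the build sandbox's own `/etc`, not in the staging tree that the following `install` writes to. It should read `- mkdir -p %{install-root}%{pamdir}`, matching the `sysusersdir` line above. As written, the loop works only if GDM's own install step has already created that directory under `%{install-root}`. In the loop itself, quoting the expansions (`install -m 644 "$conffile" "%{install-root}%{pamdir}/$(basename "${conffile%.pam}")"`) keeps an unexpected file name from being split.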
diff --git a/files/gdm/gdm-autologin.pam b/files/gdm/gdm-autologin.pam
new file mode 100644
index 00000000..939dc8ce
--- /dev/null
+++ b/files/gdm/gdm-autologin.pam
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
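Review bot: `account include system-auth` and `session include postlogin` refer to stacks that this commit does not add, and the other new files likewise pull in `password-auth`, `fingerprint-auth` and `smartcard-auth`. Those names follow the Red Hat layout, and whether the base image provides them is not visible from this patch. If one is missing, the include cannot be resolved and the service will most likely refuse every login, so either ship those files in this commit or point the includes at stacks the base is known to provide. A comment above the first auth line, such as `# default=1 skips only the keyring line; pam_permit.so below always grants`, would also help the next editor keep the jump count correct.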
diff --git a/files/gdm/gdm-fingerprint.pam b/files/gdm/gdm-fingerprint.pam
new file mode 100644
index 00000000..0c15cf48
--- /dev/null
+++ b/files/gdm/gdm-fingerprint.pam
@@ -0,0 +1,13 @@
+auth substack fingerprint-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include fingerprint-auth
+
+password include fingerprint-auth
+
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
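Review bot: gdm-fingerprint.pam starts directly with `auth substack fingerprint-auth`, while gdm-autologin.pam and gdm-launch-environment.pam open with the `#%PAM-1.0` marker. The same line is missing from gdm-password.pam, gdm-pin.pam and gdm-smartcard.pam. The marker is only a comment to libpam, but adding `#%PAM-1.0` as the first line of all four keeps the set uniform and lets tools that key on it recognise the files.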
diff --git a/files/gdm/gdm-launch-environment.pam b/files/gdm/gdm-launch-environment.pam
new file mode 100644
index 00000000..2e9ea2b9
--- /dev/null
+++ b/files/gdm/gdm-launch-environment.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+auth include postlogin
+account required pam_permit.so
+password required pam_permit.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
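Review bot: The auth and account stacks in gdm-launch-environment.pam end in an unconditional `pam_permit.so`, so any account name handed to this service is accepted and nothing in the file ties it to the greeter user. A guard ahead of the permit lines, for example `auth required pam_succeed_if.so audit quiet_success user = gdm` with a matching `account` line, would limit the service to the greeter account. The account name is assumed from gdm-sysusers.conf, which is not shown here. The guard would need extending if gnome-initial-setup is launched through the same service.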
diff --git a/files/gdm/gdm-password.pam b/files/gdm/gdm-password.pam
new file mode 100644
index 00000000..f74c29a0
--- /dev/null
+++ b/files/gdm/gdm-password.pam
@@ -0,0 +1,16 @@
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password substack password-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
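Review bot: The keyring lines in gdm-password.pam are inconsistent about the leading `-`: `-password optional pam_gnome_keyring.so use_authtok` has it, but `auth optional pam_gnome_keyring.so` and `session optional pam_gnome_keyring.so auto_start` do not. Without the dash, libpam logs a module-load error on every login when gnome-keyring's PAM module is absent from an image. Writing them as `-auth optional pam_gnome_keyring.so` and `-session optional pam_gnome_keyring.so auto_start` matches the `-auth` form already used in gdm-autologin.pam. The same applies to the keyring lines in gdm-pin.pam and to the session line in gdm-autologin.pam.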
diff --git a/files/gdm/gdm-pin.pam b/files/gdm/gdm-pin.pam
new file mode 100644
index 00000000..bdd52a0a
--- /dev/null
+++ b/files/gdm/gdm-pin.pam
@@ -0,0 +1,17 @@
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
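Review bot: `auth requisite pam_pin.so` at the top of gdm-pin.pam makes the whole service depend on a module that this commit neither builds nor references elsewhere. If pam_pin.so is not present in the image, the requisite line fails and the stack ends there, so the service fails closed but can never succeed. The `password optional pam_pin.so` line would additionally log a load error on each password change. Consider leaving gdm-pin.pam out of the install loop until the module is packaged, or confirm which element provides it.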
diff --git a/files/gdm/gdm-smartcard.pam b/files/gdm/gdm-smartcard.pam
new file mode 100644
index 00000000..618d1ccb
--- /dev/null
+++ b/files/gdm/gdm-smartcard.pam
@@ -0,0 +1,13 @@
+auth substack smartcard-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include smartcard-auth
+
+password include smartcard-auth
+
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin