diff options
Diffstat (limited to 'install-files')
-rw-r--r-- | install-files/gnome/etc/pam.d/gdm | 15 | ||||
-rw-r--r-- | install-files/gnome/etc/pam.d/gdm-autologin | 17 | ||||
-rw-r--r-- | install-files/gnome/etc/pam.d/gdm-launch-environment | 8 | ||||
-rw-r--r-- | install-files/gnome/etc/pam.d/gdm-password | 24 | ||||
-rw-r--r-- | install-files/gnome/etc/pam.d/passwd | 10 | ||||
-rw-r--r-- | install-files/gnome/etc/pam.d/system-auth | 19 | ||||
-rw-r--r-- | install-files/gnome/manifest | 5 |
7 files changed, 93 insertions, 5 deletions
diff --git a/install-files/gnome/etc/pam.d/gdm b/install-files/gnome/etc/pam.d/gdm new file mode 100644 index 00000000..42036102 --- /dev/null +++ b/install-files/gnome/etc/pam.d/gdm @@ -0,0 +1,15 @@ +# Baserock customized /etc/pam.d/gdm +# + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth include system-auth + +account include system-auth +password include system-auth + +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so diff --git a/install-files/gnome/etc/pam.d/gdm-autologin b/install-files/gnome/etc/pam.d/gdm-autologin new file mode 100644 index 00000000..c99449ac --- /dev/null +++ b/install-files/gnome/etc/pam.d/gdm-autologin @@ -0,0 +1,17 @@ +# Baserock customized /etc/pam.d/gdm-autologin +# + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth required pam_permit.so +auth optional pam_gnome_keyring.so + +account include system-auth +password include system-auth + +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include system-auth diff --git a/install-files/gnome/etc/pam.d/gdm-launch-environment b/install-files/gnome/etc/pam.d/gdm-launch-environment index 0e49df04..f63c80fa 100644 --- a/install-files/gnome/etc/pam.d/gdm-launch-environment +++ b/install-files/gnome/etc/pam.d/gdm-launch-environment @@ -1,13 +1,11 @@ -# Begin /etc/pam.d/gdm-launch-environment +# Baserock customized /etc/pam.d/gdm-launch-environment +# auth required pam_env.so auth optional pam_permit.so account include system-auth - -password required pam_deny.so +password include system-auth session optional pam_keyinit.so force revoke session include system-auth - -# End /etc/pam.d/gdm-launch-environment diff --git a/install-files/gnome/etc/pam.d/gdm-password b/install-files/gnome/etc/pam.d/gdm-password new file mode 100644 index 00000000..798d40a6 --- /dev/null +++ b/install-files/gnome/etc/pam.d/gdm-password @@ -0,0 +1,24 @@ +# Baserock customized /etc/pam.d/gdm-password +# +# This configuration ensures that the default keyring +# is unlocked at gdm login time, and also that the +# authentication token is used to update the keyring +# when the password is set. + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth substack system-auth +auth optional pam_gnome_keyring.so + +account include system-auth +password substack system-auth +password optional pam_gnome_keyring.so use_authtok + +session required pam_limits.so +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session substack system-auth +session optional pam_gnome_keyring.so auto_start diff --git a/install-files/gnome/etc/pam.d/passwd b/install-files/gnome/etc/pam.d/passwd new file mode 100644 index 00000000..e0c98057 --- /dev/null +++ b/install-files/gnome/etc/pam.d/passwd @@ -0,0 +1,10 @@ +# Baserock customized /etc/pam.d/passwd +# +# This configuration ensures authentication token +# is used to update the keyring when the password is set +# using the regular passwd mechanism + +auth include system-auth +account include system-auth +password substack system-auth +password optional pam_gnome_keyring.so use_authtok diff --git a/install-files/gnome/etc/pam.d/system-auth b/install-files/gnome/etc/pam.d/system-auth new file mode 100644 index 00000000..73d3968c --- /dev/null +++ b/install-files/gnome/etc/pam.d/system-auth @@ -0,0 +1,19 @@ +# Baserock customized /etc/pam.d/system-auth +# +# This configuration is modified from the upstream +# systemd provided file mostly because the upstream file +# tries to pass the invalid 'try_authtok' option to the +# pam_unix.so module. + +auth sufficient pam_unix.so nullok try_first_pass +auth requisite pam_deny.so + +account required pam_nologin.so +account sufficient pam_unix.so + +password sufficient pam_unix.so nullok sha512 shadow try_first_pass +password required pam_deny.so + +-session optional pam_loginuid.so +-session optional pam_systemd.so +session sufficient pam_unix.so diff --git a/install-files/gnome/manifest b/install-files/gnome/manifest index 79569060..d72a5e89 100644 --- a/install-files/gnome/manifest +++ b/install-files/gnome/manifest @@ -1,4 +1,9 @@ 0100644 0 0 /etc/securetty overwrite 0100644 0 0 /etc/ssh/sshd_config +overwrite 0100644 0 0 /etc/pam.d/passwd +overwrite 0100644 0 0 /etc/pam.d/system-auth +overwrite 0100644 0 0 /etc/pam.d/gdm +overwrite 0100644 0 0 /etc/pam.d/gdm-password +overwrite 0100644 0 0 /etc/pam.d/gdm-autologin overwrite 0100644 0 0 /etc/pam.d/gdm-launch-environment 0100644 0 0 /usr/share/polkit-1/rules.d/geoclue-2.0.rules |