6 files changed, 96 insertions, 0 deletions

diff --git a/old/install-files/gnome/etc/pam.d/gdm b/old/install-files/gnome/etc/pam.d/gdm
new file mode 100644
index 00000000..42036102
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/gdm
@@ -0,0 +1,15 @@
+# Baserock customized /etc/pam.d/gdm
+#
+
+auth     requisite      pam_nologin.so
+auth     required       pam_env.so
+
+auth     required       pam_succeed_if.so uid >= 1000 quiet
+auth     include        system-auth
+
+account  include        system-auth
+password include        system-auth
+
+session  optional       pam_keyinit.so force revoke
+session  include        system-auth
+session  required       pam_loginuid.so
diff --git a/old/install-files/gnome/etc/pam.d/gdm-autologin b/old/install-files/gnome/etc/pam.d/gdm-autologin
new file mode 100644
index 00000000..c99449ac
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/gdm-autologin
@@ -0,0 +1,17 @@
+# Baserock customized /etc/pam.d/gdm-autologin
+#
+
+auth     requisite      pam_nologin.so
+auth     required       pam_env.so
+
+auth     required       pam_succeed_if.so uid >= 1000 quiet
+auth     required       pam_permit.so
+auth     optional       pam_gnome_keyring.so
+
+account  include        system-auth
+password include        system-auth
+
+session  required       pam_loginuid.so
+session  optional       pam_keyinit.so force revoke
+session  required       pam_namespace.so
+session  include        system-auth
diff --git a/old/install-files/gnome/etc/pam.d/gdm-launch-environment b/old/install-files/gnome/etc/pam.d/gdm-launch-environment
new file mode 100644
index 00000000..f63c80fa
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/gdm-launch-environment
@@ -0,0 +1,11 @@
+# Baserock customized /etc/pam.d/gdm-launch-environment
+#
+
+auth     required       pam_env.so
+auth     optional       pam_permit.so
+
+account  include        system-auth
+password include        system-auth
+
+session  optional       pam_keyinit.so force revoke
+session  include        system-auth
diff --git a/old/install-files/gnome/etc/pam.d/gdm-password b/old/install-files/gnome/etc/pam.d/gdm-password
new file mode 100644
index 00000000..798d40a6
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/gdm-password
@@ -0,0 +1,24 @@
+# Baserock customized /etc/pam.d/gdm-password
+#
+# This configuration ensures that the default keyring
+# is unlocked at gdm login time, and also that the
+# authentication token is used to update the keyring
+# when the password is set.
+
+auth     requisite      pam_nologin.so
+auth     required       pam_env.so
+
+auth     required       pam_succeed_if.so uid >= 1000 quiet
+auth     substack       system-auth
+auth     optional       pam_gnome_keyring.so
+
+account  include        system-auth
+password substack       system-auth
+password optional       pam_gnome_keyring.so use_authtok
+
+session  required       pam_limits.so
+session  required       pam_loginuid.so
+session  optional       pam_keyinit.so force revoke
+session  required       pam_namespace.so
+session  substack       system-auth
+session  optional       pam_gnome_keyring.so auto_start
diff --git a/old/install-files/gnome/etc/pam.d/passwd b/old/install-files/gnome/etc/pam.d/passwd
new file mode 100644
index 00000000..e0c98057
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/passwd
@@ -0,0 +1,10 @@
+# Baserock customized /etc/pam.d/passwd
+#
+# This configuration ensures authentication token
+# is used to update the keyring when the password is set
+# using the regular passwd mechanism
+
+auth            include         system-auth
+account         include         system-auth
+password        substack        system-auth
+password        optional        pam_gnome_keyring.so use_authtok
diff --git a/old/install-files/gnome/etc/pam.d/system-auth b/old/install-files/gnome/etc/pam.d/system-auth
new file mode 100644
index 00000000..73d3968c
--- /dev/null
+++ b/old/install-files/gnome/etc/pam.d/system-auth
@@ -0,0 +1,19 @@
+# Baserock customized /etc/pam.d/system-auth
+#
+# This configuration is modified from the upstream
+# systemd provided file mostly because the upstream file
+# tries to pass the invalid 'try_authtok' option to the
+# pam_unix.so module.
+
+auth     sufficient pam_unix.so nullok try_first_pass
+auth     requisite  pam_deny.so
+
+account  required   pam_nologin.so
+account  sufficient pam_unix.so
+
+password sufficient pam_unix.so nullok sha512 shadow try_first_pass
+password required   pam_deny.so
+
+-session optional   pam_loginuid.so
+-session optional   pam_systemd.so
+session  sufficient pam_unix.so