[gnome-build-meta/tristan/gnome-boot: 4/14] core/gdm.bst: Added custom GDM pam configuration
- From: Tristan Van Berkom <tvb src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-build-meta/tristan/gnome-boot: 4/14] core/gdm.bst: Added custom GDM pam configuration
- Date: Fri, 31 May 2019 07:46:04 +0000 (UTC)
commit 48761c944527cf912cdd7a782d40e3514615cdc7
Author: Tristan Van Berkom <tristan vanberkom codethink co uk>
Date: Fri May 31 16:10:29 2019 +0900
core/gdm.bst: Added custom GDM pam configuration
Our PAM configuration resembles the Red Hat one, but we do not
use SELinux, so we need a different variant.
Eventually we could upstream a GNOME configuration for
GDM integration into GNOME system images.
elements/core/gdm.bst | 9 ++++++++-
files/gdm/gdm-autologin.pam | 14 ++++++++++++++
files/gdm/gdm-fingerprint.pam | 14 ++++++++++++++
files/gdm/gdm-launch-environment.pam | 9 +++++++++
files/gdm/gdm-password.pam | 17 +++++++++++++++++
files/gdm/gdm-pin.pam | 18 ++++++++++++++++++
files/gdm/gdm-smartcard.pam | 14 ++++++++++++++
7 files changed, 94 insertions(+), 1 deletion(-)
---
diff --git a/elements/core/gdm.bst b/elements/core/gdm.bst
index ca97d612..77f9bb09 100644
--- a/elements/core/gdm.bst
+++ b/elements/core/gdm.bst
@@ -21,10 +21,10 @@ depends:
junction: freedesktop-sdk.bst
variables:
sysusersdir: "%{prefix}/lib/sysusers.d"
+ pamdir: "%{sysconfdir}/pam.d"
conf-local: |
--enable-wayland-support \
--with-pam-prefix=%{sysconfdir} \
- --with-default-pam-config=lfs \
--with-run-dir=/run/gdm \
--with-plymouth=no
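Review bot: Removing `--with-default-pam-config=lfs` without naming a replacement leaves the choice of PAM flavour to GDM's configure script. If that script autodetects from distribution release files, as I believe it does, the result depends on what happens to be in the build sandbox. Since the following hunk installs this project's own files into `%{pamdir}`, stating the intent explicitly with `--with-default-pam-config=none \` (assuming the pinned GDM version accepts that value) would keep upstream from installing a second set of PAM services next to these. A short comment beside `pamdir` saying that the files under `files/gdm/` replace upstream's would also help.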
@@ -33,3 +33,10 @@ config:
(>):
- mkdir -p %{install-root}%{sysusersdir}
- install -m 644 gdm-config/gdm-sysusers.conf %{install-root}%{sysusersdir}/gdm.conf
+
+ - mkdir -p %{pamdir}
+ - |
+ # Our configuration is similar to redhat but without selinux
+ for conffile in `find gdm-config/ -name "*.pam"`; do
+ install -m 644 $conffile %{install-root}%{pamdir}/$(basename ${conffile%.pam})
+ done
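Review bot: `mkdir -p %{pamdir}` creates the directory in the build sandbox's own root, not in the staging tree, while the `install` lines below it write to `%{install-root}%{pamdir}`. Unless something else has already created that directory, `install -m 644` will fail; the line should read `- mkdir -p %{install-root}%{pamdir}`, matching the `sysusersdir` step above it. The loop also expands `$conffile` unquoted from a backtick `find`, so a path containing whitespace would be split. Quoting it as `install -m 644 "$conffile" "%{install-root}%{pamdir}/$(basename "${conffile%.pam}")"` avoids that for files that end up defining login policy.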
diff --git a/files/gdm/gdm-autologin.pam b/files/gdm/gdm-autologin.pam
new file mode 100644
index 00000000..85d8d65e
--- /dev/null
+++ b/files/gdm/gdm-autologin.pam
@@ -0,0 +1,14 @@
+#%PAM-1.0
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
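Review bot: Every stack added in this commit pulls in service files that the commit itself does not add. Here these are `system-auth` and `postlogin`, in gdm-password.pam and gdm-pin.pam `password-auth`, and in the fingerprint and smartcard files `fingerprint-auth` and `smartcard-auth`. As far as I know an `include` or `substack` that cannot be resolved makes the whole service fail, so it is worth confirming that the base image ships all of them under `%{pamdir}`, and saying so in a comment at the top of each file. Separately, `session optional pam_console.so` (in all six session stacks except gdm-launch-environment.pam) names a Red Hat module. If the image does not provide it, each login logs a module-load error, which `-session optional pam_console.so` would suppress in the same way line 3 does for `pam_gnome_keyring.so`.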
diff --git a/files/gdm/gdm-fingerprint.pam b/files/gdm/gdm-fingerprint.pam
new file mode 100644
index 00000000..727936d7
--- /dev/null
+++ b/files/gdm/gdm-fingerprint.pam
@@ -0,0 +1,14 @@
+auth substack fingerprint-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include fingerprint-auth
+
+password include fingerprint-auth
+
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
diff --git a/files/gdm/gdm-launch-environment.pam b/files/gdm/gdm-launch-environment.pam
new file mode 100644
index 00000000..2e9ea2b9
--- /dev/null
+++ b/files/gdm/gdm-launch-environment.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+auth include postlogin
+account required pam_permit.so
+password required pam_permit.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
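Review bot: The `auth` and `account` stacks here succeed for any user name through `pam_permit.so`, so the only thing restricting this service to the greeter is GDM's own choice of user when it opens the session. A guard placed ahead of the permit line makes that assumption explicit and auditable, for example `auth required pam_succeed_if.so audit quiet_success user = gdm`. The account name is inferred from the `gdm-sysusers.conf` file installed in the other hunk and should be confirmed. At minimum, a comment at the top stating that this service must never be used for real user logins would document the intent.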
diff --git a/files/gdm/gdm-password.pam b/files/gdm/gdm-password.pam
new file mode 100644
index 00000000..d8284653
--- /dev/null
+++ b/files/gdm/gdm-password.pam
@@ -0,0 +1,17 @@
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password substack password-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
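Review bot: The three `pam_gnome_keyring.so` lines in this file are not marked consistently. The `password` line carries the `-` prefix, but `auth optional pam_gnome_keyring.so` and `session optional pam_gnome_keyring.so auto_start` do not, whereas gdm-autologin.pam writes `-auth optional pam_gnome_keyring.so`. On an image built without gnome-keyring the unprefixed lines log a load failure at every login, so I would write `-auth optional pam_gnome_keyring.so` and `-session optional pam_gnome_keyring.so auto_start` here. The same applies to the matching lines in gdm-pin.pam and to the session line in gdm-autologin.pam. This file, like gdm-pin.pam, gdm-fingerprint.pam and gdm-smartcard.pam, also lacks the `#%PAM-1.0` first line that the autologin and launch-environment files have.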
diff --git a/files/gdm/gdm-pin.pam b/files/gdm/gdm-pin.pam
new file mode 100644
index 00000000..fe6b4665
--- /dev/null
+++ b/files/gdm/gdm-pin.pam
@@ -0,0 +1,18 @@
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
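Review bot: `auth requisite pam_pin.so` on the first line makes the whole service depend on a module that nothing visible in this commit provides. If `pam_pin.so` is not in the image, the stack fails closed on every attempt, which is safe but leaves a dead service file installed. When the module is present, the following `auth substack password-auth` means a user must pass both the PIN and the password check, which may or may not be the intent. I would either leave this file out until the module is packaged, or add a comment at the top naming the element that ships `pam_pin.so` and stating that PIN plus password is deliberate.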
diff --git a/files/gdm/gdm-smartcard.pam b/files/gdm/gdm-smartcard.pam
new file mode 100644
index 00000000..550d2a52
--- /dev/null
+++ b/files/gdm/gdm-smartcard.pam
@@ -0,0 +1,14 @@
+auth substack smartcard-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include smartcard-auth
+
+password include smartcard-auth
+
+session required pam_loginuid.so
+session optional pam_console.so
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin