From e92b0e3c56df36e8291a2f3dbef45e8332fab8ab Mon Sep 17 00:00:00 2001
From: Ray Strode
Date: Fri, 16 Jan 2015 09:46:26 -0500
Subject: [PATCH] Revert "pam: drop postlogin from fedora pam config"
This reverts commit 76d26d8c1c37c6bd38bcac082d5cc62670fe5d39. It breaks pam_ecryptfs. Downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1174366 https://bugzilla.gnome.org/show_bug.cgi?id=743045
---
 data/pam-redhat/gdm-autologin.pam | 2 ++
 data/pam-redhat/gdm-fingerprint.pam | 2 ++
 data/pam-redhat/gdm-launch-environment.pam | 2 ++
 data/pam-redhat/gdm-password.pam | 2 ++
 data/pam-redhat/gdm-pin.pam | 2 ++
 data/pam-redhat/gdm-smartcard.pam | 2 ++
 data/pam-redhat/gdm.pam | 3 +++
 7 files changed, 15 insertions(+)
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index 08d4543..0616e66 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,14 +1,16 @@
 #%PAM-1.0
 auth required pam_env.so
 auth required pam_permit.so
+auth include postlogin
 account required pam_nologin.so
 account include system-auth
 password include system-auth
 session required pam_selinux.so close
 session required pam_loginuid.so
 session optional pam_console.so
 -session optional pam_ck_connector.so
 session required pam_selinux.so open
 session optional pam_keyinit.so force revoke
 session required pam_namespace.so
 session include system-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
index ee0635d..c5a3598 100644
--- a/data/pam-redhat/gdm-fingerprint.pam
+++ b/data/pam-redhat/gdm-fingerprint.pam
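Review bot: In the gdm-autologin.pam hunk, `auth include postlogin` is added to a stack whose only authentication step is `auth required pam_permit.so`, so no password is collected before the postlogin auth entries run. The contents of postlogin are not part of this patch; if it carries an auth-type module that expects a token stored by an earlier module, that module gets none here, and presumably also none in the gdm-launch-environment.pam, gdm-fingerprint.pam and gdm-smartcard.pam hunks, which do not appear to collect a login password either. It is worth confirming that every auth entry in postlogin is `optional` and tolerates a missing token, and recording that above the new line, e.g. `# no password is collected in this stack; postlogin auth modules must cope without one`.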
@@ -1,15 +1,17 @@
 auth substack fingerprint-auth
+auth include postlogin
 account required pam_nologin.so
 account include fingerprint-auth
 password include fingerprint-auth
 session required pam_selinux.so close
 session required pam_loginuid.so
 session optional pam_console.so
 -session optional pam_ck_connector.so
 session required pam_selinux.so open
 session optional pam_keyinit.so force revoke
 session required pam_namespace.so
 session include fingerprint-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
index f1811f1..a5130ea 100644
--- a/data/pam-redhat/gdm-launch-environment.pam
+++ b/data/pam-redhat/gdm-launch-environment.pam
@@ -1,7 +1,9 @@
 #%PAM-1.0
 auth required pam_env.so
 auth required pam_permit.so
+auth include postlogin
 account include system-auth
 password include system-auth
 session optional pam_keyinit.so force revoke
 session include system-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
index b95ca16..3006d0c 100644
--- a/data/pam-redhat/gdm-password.pam
+++ b/data/pam-redhat/gdm-password.pam
@@ -1,19 +1,21 @@
 auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
 auth substack password-auth
 auth optional pam_gnome_keyring.so
+auth include postlogin
 account required pam_nologin.so
 account include password-auth
 password substack password-auth
 -password optional pam_gnome_keyring.so use_authtok
 session required pam_selinux.so close
 session required pam_loginuid.so
 session optional pam_console.so
 -session optional pam_ck_connector.so
 session required pam_selinux.so open
 session optional pam_keyinit.so force revoke
 session required pam_namespace.so
 session include password-auth
 session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
index d0a4e71..7594653 100644
--- a/data/pam-redhat/gdm-pin.pam
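Review bot: Nothing in gdm-password.pam records why the two `include postlogin` lines are there, and the commit message says that dropping them once already broke pam_ecryptfs. A short comment above `auth include postlogin` in this hunk would keep the lines from being removed again, for example `# postlogin is needed by pam_ecryptfs; see bugzilla.gnome.org #743045`. The same comment would fit gdm-pin.pam, the other stack in this patch that runs `password-auth`.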
+++ b/data/pam-redhat/gdm-pin.pam
@@ -1,20 +1,22 @@
 auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
 auth requisite pam_pin.so
 auth substack password-auth
 auth optional pam_gnome_keyring.so
+auth include postlogin
 account required pam_nologin.so
 account include password-auth
 password include password-auth
 password optional pam_pin.so
 session required pam_selinux.so close
 session required pam_loginuid.so
 session optional pam_console.so
 -session optional pam_ck_connector.so
 session required pam_selinux.so open
 session optional pam_keyinit.so force revoke
 session required pam_namespace.so
 session include password-auth
 session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
index d49eef9..c91cf0d 100644
--- a/data/pam-redhat/gdm-smartcard.pam
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -1,15 +1,17 @@
 auth substack smartcard-auth
+auth include postlogin
 account required pam_nologin.so
 account include smartcard-auth
 password include smartcard-auth
 session required pam_selinux.so close
 session required pam_loginuid.so
 session optional pam_console.so
 -session optional pam_ck_connector.so
 session required pam_selinux.so open
 session optional pam_keyinit.so force revoke
 session required pam_namespace.so
 session include smartcard-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam
index 9d95a51..baa058b 100644
--- a/data/pam-redhat/gdm.pam
+++ b/data/pam-redhat/gdm.pam
@@ -1,10 +1,13 @@
 #%PAM-1.0
 auth required pam_env.so
 auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth include postlogin
 auth include system-auth
+account required pam_nologin.so
 account include system-auth
 password include system-auth
 session optional pam_keyinit.so force revoke
 session include system-auth
 session required pam_loginuid.so
 session optional pam_console.so
+session include postlogin
-- 
2.3.7
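Review bot: In the gdm.pam hunk, `auth include postlogin` sits before `auth include system-auth`, while the other six files place it after their authentication stack. Placed there, the postlogin auth entries run before the user has been authenticated, and they are skipped entirely when `pam_succeed_if.so user ingroup nopasswdlogin` succeeds, because a successful `sufficient` entry ends the stack at that point. Unless that order is intentional, putting `auth include system-auth` first and `auth include postlogin` after it would match the rest of the patch. The hunk also adds `account required pam_nologin.so`, which the commit message does not mention; a line in the description would help anyone auditing the login policy.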