Diffstat (limited to 'system/lightdm/pam.d')
-rw-r--r--system/lightdm/pam.d/lightdm30
-rw-r--r--system/lightdm/pam.d/lightdm-autologin32
-rw-r--r--system/lightdm/pam.d/lightdm-greeter19
3 files changed, 81 insertions, 0 deletions
diff --git a/system/lightdm/pam.d/lightdm b/system/lightdm/pam.d/lightdm
new file mode 100644
index 0000000000..d1f26f4267
--- /dev/null
+++ b/system/lightdm/pam.d/lightdm
@@ -0,0 +1,30 @@
+#%PAM-1.0
+
+# Block login if they are globally disabled
+auth required pam_nologin.so
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth required pam_env.so
+
+# Use /etc/passwd and /etc/shadow for passwords
+auth required pam_unix.so
+
+# Authentication support for gnome-keyring and kwallet5
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+
+# Check account is active, change password if required
+account required pam_unix.so
+
+# Allow password to be changed
+password required pam_unix.so
+
+# Setup session
+# Support elogind (for Slackware) rather than systemd (as per lightdm's upstream default)
+session required pam_unix.so
+-session optional pam_elogind.so
+-session optional pam_ck_connector.so nox11
+
+# Auto-unlocking support for gnome-keyring and kwallet5
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
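Review bot: The comment above `auth required pam_env.so` says ~/.pam_environment is loaded, but the line passes no `user_readenv=1`, and in current Linux-PAM releases reading the per-user file is off by default, so only the system-wide environment files would be read. Leaving it off is the safer setting, because a user-writable file that feeds the login environment widens what an unprivileged account can influence before the session starts. I would correct the comment rather than add the option: `# Load environment from /etc/environment (per-user ~/.pam_environment is not read; user_readenv is off by default)`. The same comment and line appear in the lightdm-autologin and lightdm-greeter hunks.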
diff --git a/system/lightdm/pam.d/lightdm-autologin b/system/lightdm/pam.d/lightdm-autologin
new file mode 100644
index 0000000000..48d0d76b1d
--- /dev/null
+++ b/system/lightdm/pam.d/lightdm-autologin
@@ -0,0 +1,32 @@
+#%PAM-1.0
+# Block login if shell in nologin or false
+auth required pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false
+
+# Block login if they are globally disabled
+auth required pam_nologin.so
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth required pam_env.so
+
+# Allow access without authentication
+auth required pam_permit.so
+
+# Authentication support for gnome-keyring and kwallet5
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+
+# Stop autologin if account requires action
+account required pam_unix.so
+
+# Can't change password
+password required pam_deny.so
+
+# Setup session
+# Support elogind (for Slackware) rather than systemd (as per lightdm's upstream default)
+session required pam_unix.so
+-session optional pam_elogind.so
+-session optional pam_ck_connector.so nox11
+
+# Auto-unlocking support for gnome-keyring and kwallet5
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
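Review bot: The `auth required pam_permit.so` line in lightdm-autologin admits any account that has a real shell, root included, without a credential; the `pam_succeed_if.so shell notin ...` check at the top is the only gate in the stack. Which account is logged in is presumably decided by lightdm's own configuration, which is not visible here, so a second gate on identity in PAM would be defence in depth. For example, `auth required pam_succeed_if.so user ingroup autologin quiet` (group name constructed for illustration) or `auth required pam_succeed_if.so uid >= 1000 quiet` could be placed before the pam_permit line. The lightdm-greeter hunk uses pam_permit for both auth and account with no gate at all; a comment there stating that the service is meant only for the greeter account would help.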
diff --git a/system/lightdm/pam.d/lightdm-greeter b/system/lightdm/pam.d/lightdm-greeter
new file mode 100644
index 0000000000..bdeede0d4b
--- /dev/null
+++ b/system/lightdm/pam.d/lightdm-greeter
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth required pam_env.so
+
+# Always let the greeter start without authentication
+auth required pam_permit.so
+
+# No action required for account management
+account required pam_permit.so
+
+# Can't change password
+password required pam_deny.so
+
+# Setup session
+# Support elogind (for Slackware) rather than systemd (as per lightdm's upstream default)
+session required pam_unix.so
+-session optional pam_elogind.so
+-session optional pam_ck_connector.so nox11