Merge pull request #124 from pop-os/pam
Add custom PAM configuration to start gnome-keyring
commit
ff03667847
5 changed files with 29 additions and 4 deletions
|
|
@ -2,7 +2,7 @@
|
|||
vt = "1"
|
||||
|
||||
[general]
|
||||
service = "login"
|
||||
service = "cosmic-greeter"
|
||||
|
||||
[default_session]
|
||||
command = "cosmic-comp systemd-cat -t cosmic-greeter cosmic-greeter"
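Review bot: `service = "cosmic-greeter"` only selects the intended policy where a PAM file of that name is installed, and on this page the file is shipped solely through `debian/cosmic-greeter.pam` and `dh_installpam`. Linux-PAM falls back to the `other` service when the named service file is missing, so an install made outside the Debian package would authenticate against whatever `other` contains, which is a deny-all stack on some systems and a generic one on others. The two `Context::new("cosmic-greeter", …)` call sites in the Rust hunks depend on the same file. I'd either install the PAM file from the generic install recipe as well, or state the requirement next to the key: `# needs /etc/pam.d/cosmic-greeter; PAM uses the "other" service if it is missing`.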
|
||||
|
|
|
|||
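--- a/debian/cosmic-greeter.pam
+++ b/debian/cosmic-greeter.pam
@@ -0,0 +1,25 @@
+#%PAM-1.0
+auth requisite pam_nologin.so
+auth required pam_succeed_if.so user != root quiet_success
+@include common-auth
+auth optional pam_gnome_keyring.so
+@include common-account
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+# pam_selinux.so changes the SELinux context of the used TTY and configures
+# SELinux in order to transition to the user context with the next execve()
+# call.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_limits.so
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
+@include common-session
+session optional pam_gnome_keyring.so auto_start
+@include common-password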
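Review bot: `user_readenv=1` on the second `pam_env.so` line lets the session stack load variables from a file in the user's home directory, ahead of `common-session` and `pam_gnome_keyring.so auto_start`. The same line points `envfile` at `/etc/default/locale`, a system file, so the per-user read looks inherited from another display manager's stack rather than needed here, and recent Linux-PAM releases deprecate it. Unless per-user PAM environment is a deliberate feature, I'd write `session required pam_env.so readenv=1 envfile=/etc/default/locale`. A short comment above the two `pam_gnome_keyring.so` entries, saying they are `optional` so that login still works without the module, would document the intent of the change.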
1
debian/rules
vendored
1
debian/rules
vendored
|
|
@ -22,6 +22,7 @@ override_dh_auto_install:
|
|||
just rootdir=$(DESTDIR) install-debian
|
||||
|
||||
execute_after_dh_install:
|
||||
dh_installpam
|
||||
dh_installsysusers
|
||||
|
||||
override_dh_installsystemd:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ fn main() {
|
|||
let passwd = pwd::Passwd::current_user().expect("Failed to get current user");
|
||||
|
||||
let mut context = Context::new(
|
||||
"login", // Service name, decides which policy is used (see `/etc/pam.d`)
|
||||
"cosmic-greeter", // Service name, decides which policy is used (see `/etc/pam.d`)
|
||||
Some(&passwd.name), // Optional preset user name
|
||||
Conversation::new(), // Handler for user interaction
|
||||
)
|
||||
|
|
|
|||
|
|
@ -83,8 +83,7 @@ pub fn pam_thread(username: String, conversation: Conversation) -> Result<(), pa
|
|||
//TODO: send errors to GUI, restart process
|
||||
|
||||
// Create PAM context
|
||||
//TODO: search for and use custom context?
|
||||
let mut context = pam_client::Context::new("login", Some(&username), conversation)?;
|
||||
let mut context = pam_client::Context::new("cosmic-greeter", Some(&username), conversation)?;
|
||||
|
||||
// Authenticate the user (ask for password, 2nd-factor token, fingerprint, etc.)
|
||||
log::info!("authenticate");
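Review bot: The PAM service name is now a bare string literal in `pam_thread`, and the same literal appears in the `fn main` hunk and in the config's `service` key; the name decides which authentication policy runs, so the three must not drift apart. If both Rust call sites live in the same crate (not visible here), a shared constant would make that explicit: `const PAM_SERVICE: &str = "cosmic-greeter";` with a doc comment such as `/// PAM service name; must match the file installed under /etc/pam.d and the greeter config`. The removed TODO about a custom context is resolved by this change, so dropping it is fine. `pam_thread` starts and continues outside the hunk.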
|
||||
|
|
|
|||