|
123456789101112131415161718192021222324252627282930313233343536 |
- #%PAM-1.0
-
- # Block login if they are globally disabled
- auth requisite pam_nologin.so
-
- @include common-auth
-
- -auth optional pam_gnome_keyring.so
-
- @include common-account
-
- # SELinux needs to be the first session rule. This ensures that any
- # lingering context has been cleared. Without out this it is possible
- # that a module could execute code in the wrong domain.
- # When the module is present, "required" would be sufficient (When SELinux
- # is disabled, this returns success.)
- session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
- session required pam_limits.so
- session required pam_loginuid.so
- @include common-session
-
- # Load environment from /etc/environment and ~/.pam_environment
- session required pam_env.so readenv=1
- session required pam_env.so readenv=1 envfile=/etc/default/locale
-
- # SELinux needs to intervene at login time to ensure that the process
- # starts in the proper default security context. Only sessions which are
- # intended to run in the user's context should be run after this.
- session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
- # When the module is present, "required" would be sufficient (When SELinux
- # is disabled, this returns success.)
-
- -session optional pam_gnome_keyring.so auto_start
-
- @include common-password
|