|
|
@@ -0,0 +1,36 @@ |
|
|
|
#%PAM-1.0 |
|
|
|
|
|
|
|
# Block login if they are globally disabled |
|
|
|
auth requisite pam_nologin.so |
|
|
|
|
|
|
|
@include common-auth |
|
|
|
|
|
|
|
-auth optional pam_gnome_keyring.so |
|
|
|
|
|
|
|
@include common-account |
|
|
|
|
|
|
|
# SELinux needs to be the first session rule. This ensures that any |
|
|
|
# lingering context has been cleared. Without out this it is possible |
|
|
|
# that a module could execute code in the wrong domain. |
|
|
|
# When the module is present, "required" would be sufficient (When SELinux |
|
|
|
# is disabled, this returns success.) |
|
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close |
|
|
|
|
|
|
|
session required pam_limits.so |
|
|
|
session required pam_loginuid.so |
|
|
|
@include common-session |
|
|
|
|
|
|
|
# Load environment from /etc/environment and ~/.pam_environment |
|
|
|
session required pam_env.so readenv=1 |
|
|
|
session required pam_env.so readenv=1 envfile=/etc/default/locale |
|
|
|
|
|
|
|
# SELinux needs to intervene at login time to ensure that the process |
|
|
|
# starts in the proper default security context. Only sessions which are |
|
|
|
# intended to run in the user's context should be run after this. |
|
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open |
|
|
|
# When the module is present, "required" would be sufficient (When SELinux |
|
|
|
# is disabled, this returns success.) |
|
|
|
|
|
|
|
-session optional pam_gnome_keyring.so auto_start |
|
|
|
|
|
|
|
@include common-password |