Group :: Graphical desktop/Other
RPM: lightdm
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: lightdm-1.32.0-alt-pam-2.0.patch
Download
Download
data/.pam_environment | 1 +
data/Makefile.am | 4 ++++
data/pam/lightdm | 37 ++++++++++++++++++-------------------
data/pam/lightdm-autologin | 21 +++++++++------------
data/pam/lightdm-greeter | 27 ++++++++++++---------------
5 files changed, 44 insertions(+), 46 deletions(-)
diff --git a/data/.pam_environment b/data/.pam_environment
new file mode 100644
index 00000000..2e68c9bc
--- /dev/null
+++ b/data/.pam_environment
@@ -0,0 +1 @@
+GDK_CORE_DEVICE_EVENTS=true
diff --git a/data/Makefile.am b/data/Makefile.am
index 7f7b4a3f..c920bcaa 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -12,6 +12,10 @@ dist_pam_DATA = pam/lightdm \
pam/lightdm-autologin \
pam/lightdm-greeter
+localstatedir = /var/lib
+pkglocalstatedir = $(localstatedir)/ldm
+pkglocalstate_DATA = .pam_environment
+
completionsdir = $(datadir)/bash-completion/completions
dist_completions_DATA = bash-completion/dm-tool bash-completion/lightdm
diff --git a/data/pam/lightdm b/data/pam/lightdm
index fed8a9b4..cf39cd7e 100644
--- a/data/pam/lightdm
+++ b/data/pam/lightdm
@@ -1,20 +1,19 @@
#%PAM-1.0
-
-# Block login if they are globally disabled
-auth required pam_nologin.so
-
-# Load environment from /etc/environment and ~/.pam_environment
-auth required pam_env.so
-
-# Use /etc/passwd and /etc/shadow for passwords
-auth required pam_unix.so
-
-# Check account is active, change password if required
-account required pam_unix.so
-
-# Allow password to be changed
-password required pam_unix.so
-
-# Setup session
-session required pam_unix.so
-session optional pam_systemd.so
+auth required pam_shells.so
+auth required pam_succeed_if.so quiet uid ne 0
+auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth substack common-login
+-auth optional pam_gnome_keyring.so
+-auth optional pam_mate_keyring.so
+-auth optional pam_kwallet.so
+-auth optional pam_kwallet5.so
+account include common-login
+password include common-login
+session substack common-login
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_namespace.so
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_mate_keyring.so auto_start
+-session optional pam_kwallet.so auto_start
+-session optional pam_kwallet5.so auto_start
diff --git a/data/pam/lightdm-autologin b/data/pam/lightdm-autologin
index 157f469f..011bf432 100644
--- a/data/pam/lightdm-autologin
+++ b/data/pam/lightdm-autologin
@@ -1,22 +1,19 @@
#%PAM-1.0
# Block login if shell in nologin or false
-auth required pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false
+auth required pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false
# Block login if they are globally disabled
-auth required pam_nologin.so
-
-# Load environment from /etc/environment and ~/.pam_environment
-auth required pam_env.so
+auth required pam_nologin.so
# Allow access without authentication
-auth required pam_permit.so
+auth required pam_permit.so
-# Stop autologin if account requires action
-account required pam_unix.so
+account include common-login
# Can't change password
-password required pam_deny.so
+password required pam_deny.so
-# Setup session
-session required pam_unix.so
-session optional pam_systemd.so
+session substack common-login
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_namespace.so
diff --git a/data/pam/lightdm-greeter b/data/pam/lightdm-greeter
index 9a6862b5..941c7efc 100644
--- a/data/pam/lightdm-greeter
+++ b/data/pam/lightdm-greeter
@@ -1,17 +1,14 @@
#%PAM-1.0
-# Load environment from /etc/environment and ~/.pam_environment
-auth required pam_env.so
-
-# Always let the greeter start without authentication
-auth required pam_permit.so
-
-# No action required for account management
-account required pam_permit.so
-
-# Can't change password
-password required pam_deny.so
-
-# Setup session
-session required pam_unix.so
-session optional pam_systemd.so
+account required pam_nologin.so
+account required pam_succeed_if.so audit quiet_success user = _ldm
+account required pam_permit.so
+auth required pam_env.so
+auth required pam_succeed_if.so audit quiet_success user = _ldm
+auth required pam_permit.so
+password required pam_deny.so
+session required pam_loginuid.so
+-session required pam_systemd.so class=greeter
+session required pam_succeed_if.so audit quiet_success user = _ldm
+session required pam_env.so user_readenv=1
+session required pam_permit.so