summaryrefslogtreecommitdiffstats
path: root/kde/post-install
diff options
context:
space:
mode:
author Eric Hameleers <alien@slackware.com>2020-05-26 13:25:55 +0200
committer Eric Hameleers <alien@slackware.com>2020-05-26 13:25:55 +0200
commit3c5eca74e04fad95927a07e13eec0744f407584d (patch)
tree4361c2ee886009ce369363cea0d3d54949f4eae8 /kde/post-install
parent7db7710238ce4440d28d09ec56eea8122c77a37f (diff)
downloadktown-3c5eca74e04fad95927a07e13eec0744f407584d.tar.gz
ktown-3c5eca74e04fad95927a07e13eec0744f407584d.tar.xz
SDDM: updated PAM configs allow root login
Diffstat (limited to 'kde/post-install')
-rw-r--r--kde/post-install/sddm-qt5/pam.d/sddm31
-rw-r--r--kde/post-install/sddm-qt5/pam.d/sddm-autologin36
-rw-r--r--kde/post-install/sddm-qt5/pam.d/sddm-greeter14
3 files changed, 50 insertions, 31 deletions
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm b/kde/post-install/sddm-qt5/pam.d/sddm
index bb435ce..f0b2345 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm
+++ b/kde/post-install/sddm-qt5/pam.d/sddm
@@ -1,16 +1,25 @@
#%PAM-1.0
-auth substack login
--auth optional pam_gnome_keyring.so
--auth optional pam_kwallet5.so
+auth substack system-auth
-account include login
+# Uncomment this line to restrict login to users with a UID greater
+# than 999 (in other words, don't allow login for root):
+#auth required pam_succeed_if.so uid >= 1000 quiet
-password substack login
--password optional pam_gnome_keyring.so use_authtok
--password optional pam_kwallet5.so use_authtok
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+auth include postlogin
-session optional pam_keyinit.so force revoke
-session substack login
--session optional pam_gnome_keyring.so auto_start
--session optional pam_kwallet5.so auto_start
+account include system-auth
+
+password substack system-auth
+-password optional pam_gnome_keyring.so use_authtok
+-password optional pam_kwallet5.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session substack system-auth
+session required pam_loginuid.so
+session optional pam_ck_connector.so nox11
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
+session include postlogin
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-autologin b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
index fe410bb..fd926ef 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm-autologin
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-autologin
@@ -1,14 +1,24 @@
#%PAM-1.0
-auth required pam_env.so
-auth include system-auth
-auth include postlogin
--auth optional pam_gnome_keyring.so
--auth optional pam_kwallet5.so
-account include system-auth
-password include system-auth
-session include system-auth
-session required pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session include postlogin
--session optional pam_gnome_keyring.so auto_start
--session optional pam_kwallet5.so auto_start
+auth requisite pam_nologin.so
+auth required pam_env.so
+auth required pam_shells.so
+
+# Uncomment this line to restrict autologin to users with a UID greater
+# than 999 (in other words, don't allow autologin for root):
+#auth required pam_succeed_if.so uid >= 1000 quiet
+
+auth required pam_permit.so
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+
+account include system-auth
+
+password include system-auth
+
+session substack system-auth
+session required pam_loginuid.so
+session optional pam_ck_connector.so nox11
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
+session include postlogin
+
diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-greeter b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
index 7c77b68..c7bd8a3 100644
--- a/kde/post-install/sddm-qt5/pam.d/sddm-greeter
+++ b/kde/post-install/sddm-qt5/pam.d/sddm-greeter
@@ -1,18 +1,18 @@
#%PAM-1.0
# Load environment from /etc/environment and ~/.pam_environment
-auth required pam_env.so
+auth required pam_env.so
# Always let the greeter start without authentication
-auth required pam_permit.so
+auth required pam_permit.so
# No action required for account management
-account required pam_permit.so
+account required pam_permit.so
# Can't change password
-password required pam_deny.so
+password required pam_deny.so
# Setup session
-session required pam_unix.so
-session optional pam_systemd.so
-session optional pam_elogind.so
+session required pam_unix.so
+-session optional pam_systemd.so
+-session optional pam_elogind.so