From 3c5eca74e04fad95927a07e13eec0744f407584d Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Tue, 26 May 2020 13:25:55 +0200 Subject: SDDM: updated PAM configs allow root login --- kde/post-install/sddm-qt5/pam.d/sddm | 31 ++++++++++++++-------- kde/post-install/sddm-qt5/pam.d/sddm-autologin | 36 ++++++++++++++++---------- kde/post-install/sddm-qt5/pam.d/sddm-greeter | 14 +++++----- 3 files changed, 50 insertions(+), 31 deletions(-) diff --git a/kde/post-install/sddm-qt5/pam.d/sddm b/kde/post-install/sddm-qt5/pam.d/sddm index bb435ce..f0b2345 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm +++ b/kde/post-install/sddm-qt5/pam.d/sddm @@ -1,16 +1,25 @@ #%PAM-1.0 -auth substack login --auth optional pam_gnome_keyring.so --auth optional pam_kwallet5.so +auth substack system-auth -account include login +# Uncomment this line to restrict login to users with a UID greater +# than 999 (in other words, don't allow login for root): +#auth required pam_succeed_if.so uid >= 1000 quiet -password substack login --password optional pam_gnome_keyring.so use_authtok --password optional pam_kwallet5.so use_authtok +-auth optional pam_gnome_keyring.so +-auth optional pam_kwallet5.so +auth include postlogin -session optional pam_keyinit.so force revoke -session substack login --session optional pam_gnome_keyring.so auto_start --session optional pam_kwallet5.so auto_start +account include system-auth + +password substack system-auth +-password optional pam_gnome_keyring.so use_authtok +-password optional pam_kwallet5.so use_authtok + +session optional pam_keyinit.so force revoke +session substack system-auth +session required pam_loginuid.so +session optional pam_ck_connector.so nox11 +-session optional pam_gnome_keyring.so auto_start +-session optional pam_kwallet5.so auto_start +session include postlogin diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-autologin b/kde/post-install/sddm-qt5/pam.d/sddm-autologin index fe410bb..fd926ef 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm-autologin +++ b/kde/post-install/sddm-qt5/pam.d/sddm-autologin @@ -1,14 +1,24 @@ #%PAM-1.0 -auth required pam_env.so -auth include system-auth -auth include postlogin --auth optional pam_gnome_keyring.so --auth optional pam_kwallet5.so -account include system-auth -password include system-auth -session include system-auth -session required pam_loginuid.so -session optional pam_ck_connector.so nox11 -session include postlogin --session optional pam_gnome_keyring.so auto_start --session optional pam_kwallet5.so auto_start +auth requisite pam_nologin.so +auth required pam_env.so +auth required pam_shells.so + +# Uncomment this line to restrict autologin to users with a UID greater +# than 999 (in other words, don't allow autologin for root): +#auth required pam_succeed_if.so uid >= 1000 quiet + +auth required pam_permit.so +-auth optional pam_gnome_keyring.so +-auth optional pam_kwallet5.so + +account include system-auth + +password include system-auth + +session substack system-auth +session required pam_loginuid.so +session optional pam_ck_connector.so nox11 +-session optional pam_gnome_keyring.so auto_start +-session optional pam_kwallet5.so auto_start +session include postlogin + diff --git a/kde/post-install/sddm-qt5/pam.d/sddm-greeter b/kde/post-install/sddm-qt5/pam.d/sddm-greeter index 7c77b68..c7bd8a3 100644 --- a/kde/post-install/sddm-qt5/pam.d/sddm-greeter +++ b/kde/post-install/sddm-qt5/pam.d/sddm-greeter @@ -1,18 +1,18 @@ #%PAM-1.0 # Load environment from /etc/environment and ~/.pam_environment -auth required pam_env.so +auth required pam_env.so # Always let the greeter start without authentication -auth required pam_permit.so +auth required pam_permit.so # No action required for account management -account required pam_permit.so +account required pam_permit.so # Can't change password -password required pam_deny.so +password required pam_deny.so # Setup session -session required pam_unix.so -session optional pam_systemd.so -session optional pam_elogind.so +session required pam_unix.so +-session optional pam_systemd.so +-session optional pam_elogind.so -- cgit v1.2.3