From 4d25bda84d9ed57efecb8a6444ef8d978f74b2d6 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 16 Jan 2015 09:46:26 -0500
Subject: [PATCH] Revert "pam: drop postlogin from fedora pam config"
This reverts commit 76d26d8c1c37c6bd38bcac082d5cc62670fe5d39.
It breaks pam_ecryptfs.
Downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1174366
https://bugzilla.gnome.org/show_bug.cgi?id=743045
---
data/pam-redhat/gdm-autologin.pam | 2 ++
data/pam-redhat/gdm-fingerprint.pam | 2 ++
data/pam-redhat/gdm-launch-environment.pam | 2 ++
data/pam-redhat/gdm-password.pam | 2 ++
data/pam-redhat/gdm-pin.pam | 2 ++
data/pam-redhat/gdm-smartcard.pam | 2 ++
data/pam-redhat/gdm.pam | 3 +++
7 files changed, 15 insertions(+)
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index 08d4543..0616e66 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,14 +1,16 @@
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
+auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include system-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
index ee0635d..c5a3598 100644
--- a/data/pam-redhat/gdm-fingerprint.pam
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -1,15 +1,17 @@
auth substack fingerprint-auth
+auth include postlogin
account required pam_nologin.so
account include fingerprint-auth
password include fingerprint-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include fingerprint-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
index f1811f1..a5130ea 100644
--- a/data/pam-redhat/gdm-launch-environment.pam
+++ b/data/pam-redhat/gdm-launch-environment.pam
@@ -1,7 +1,9 @@
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
+auth include postlogin
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
index b95ca16..3006d0c 100644
--- a/data/pam-redhat/gdm-password.pam
+++ b/data/pam-redhat/gdm-password.pam
@@ -1,19 +1,21 @@
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth substack password-auth
auth optional pam_gnome_keyring.so
+auth include postlogin
account required pam_nologin.so
account include password-auth
password substack password-auth
-password optional pam_gnome_keyring.so use_authtok
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include password-auth
session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
index d0a4e71..7594653 100644
--- a/data/pam-redhat/gdm-pin.pam
+++ b/data/pam-redhat/gdm-pin.pam
@@ -1,20 +1,22 @@
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth requisite pam_pin.so
auth substack password-auth
auth optional pam_gnome_keyring.so
+auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth
password optional pam_pin.so
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include password-auth
session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
index d49eef9..c91cf0d 100644
--- a/data/pam-redhat/gdm-smartcard.pam
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -1,15 +1,17 @@
auth substack smartcard-auth
+auth include postlogin
account required pam_nologin.so
account include smartcard-auth
password include smartcard-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include smartcard-auth
+session include postlogin
diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam
index 9d95a51..baa058b 100644
--- a/data/pam-redhat/gdm.pam
+++ b/data/pam-redhat/gdm.pam
@@ -1,10 +1,13 @@
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth include postlogin
auth include system-auth
+account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
+session include postlogin
--
2.1.0