huge amount of fixes

author: Cullum Smith <cullum@sacredheartsc.com> 2024-10-15 23:35:53 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-10-15 23:35:53 -0400
commit: 145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree: 4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /files/etc/pam.d/sddm.freebsd
parent: b2af400a1098ebf445575d169e11a6717867045f (diff)
download: infrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
new file mode 100644
index 0000000..ef359ff
--- /dev/null
+++ b/files/etc/pam.d/sddm.freebsd
@@ -0,0 +1,16 @@
+# NB: FreeBSD has no pam_stack.so or substack functionality, so we can't
+# try multiple authentication sources (like krb5 but fall back to pam_unix)
+# if we want pam_kwallet5 to execute.
+# Hence, for sddm, we try krb5 only (no local accounts).
+auth      required  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      optional  pam_exec.so /usr/local/libexec/pam-create-local-homedir
+auth      optional  pam_kwallet5.so
+
+account   required  /usr/local/lib/security/pam_krb5.so
+account   required  pam_login_access.so
+account   required  pam_unix.so
+
+session   required  pam_lastlog.so no_fail
+session   optional  pam_kwallet5.so auto_start
+
+password  required  /usr/local/lib/security/pam_krb5.so try_first_pass
author	Cullum Smith <cullum@sacredheartsc.com>	2024-10-15 23:35:53 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-10-15 23:35:53 -0400
commit	145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree	4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /files/etc/pam.d/sddm.freebsd
parent	b2af400a1098ebf445575d169e11a6717867045f (diff)
download	infrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz