Tons of desktop fixes

6 files changed, 50 insertions, 36 deletions

diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server
index b61c074..03c2763 100644
--- a/files/etc/pam.d/cups.cups_server
+++ b/files/etc/pam.d/cups.cups_server
@@ -1,8 +1,6 @@
-# auth
-auth    sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
-auth    required    pam_unix.so no_warn try_first_pass
+auth      sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      required    pam_unix.so no_warn try_first_pass
 
-# account
-account   required  /usr/local/lib/security/pam_krb5.so
-account   required  pam_login_access.so
-account   required  pam_unix.so
+account   required    /usr/local/lib/security/pam_krb5.so
+account   required    pam_login_access.so
+account   required    pam_unix.so
diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd
index 2604c78..8f87b98 100644
--- a/files/etc/pam.d/kde.freebsd
+++ b/files/etc/pam.d/kde.freebsd
@@ -1,2 +1,5 @@
-auth     required    /usr/local/lib/security/pam_krb5.so try_first_pass
-account  required    /usr/local/lib/security/pam_krb5.so
+auth      required    /usr/local/lib/security/pam_krb5.so try_first_pass
+
+account   required    /usr/local/lib/security/pam_krb5.so
+account   required    pam_login_access.so
+account   required    pam_unix.so
diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd
new file mode 100644
index 0000000..164fcb0
--- /dev/null
+++ b/files/etc/pam.d/login.freebsd
@@ -0,0 +1,16 @@
+auth      sufficient  pam_self.so   no_warn
+auth      sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      required    pam_unix.so   no_warn try_first_pass nullok
+
+account   requisite   pam_securetty.so
+account   required    pam_nologin.so
+account   required    /usr/local/lib/security/pam_krb5.so
+account   required    pam_login_access.so
+account   required    pam_unix.so
+
+session   required    pam_lastlog.so    no_fail
+session   required    pam_xdg.so
+session   required    /usr/local/lib/security/pam_krb5.so
+
+password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+password  required    pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
index ef359ff..6a75823 100644
--- a/files/etc/pam.d/sddm.freebsd
+++ b/files/etc/pam.d/sddm.freebsd
@@ -2,15 +2,20 @@
 # try multiple authentication sources (like krb5 but fall back to pam_unix)
 # if we want pam_kwallet5 to execute.
 # Hence, for sddm, we try krb5 only (no local accounts).
-auth      required  /usr/local/lib/security/pam_krb5.so try_first_pass
-auth      optional  pam_exec.so /usr/local/libexec/pam-create-local-homedir
-auth      optional  pam_kwallet5.so
+auth      sufficient  pam_self.so no_warn
+auth      required    /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      optional    pam_exec.so /usr/local/libexec/pam-create-local-homedir
+auth      optional    pam_kwallet5.so
 
-account   required  /usr/local/lib/security/pam_krb5.so
-account   required  pam_login_access.so
-account   required  pam_unix.so
+account   requisite   pam_securetty.so
+account   required    pam_nologin.so
+account   required    /usr/local/lib/security/pam_krb5.so
+account   required    pam_login_access.so
+account   required    pam_unix.so
 
-session   required  pam_lastlog.so no_fail
-session   optional  pam_kwallet5.so auto_start
+session   required    pam_lastlog.so no_fail
+session   required    pam_xdg.so no_fail
+session   required    /usr/local/lib/security/pam_krb5.so
+session   optional    pam_kwallet5.so auto_start
 
-password  required  /usr/local/lib/security/pam_krb5.so try_first_pass
+password  required    /usr/local/lib/security/pam_krb5.so try_first_pass
diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd
index 57b281b..559a980 100644
--- a/files/etc/pam.d/sshd.freebsd
+++ b/files/etc/pam.d/sshd.freebsd
@@ -1,17 +1,13 @@
-# auth
-auth    sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
-auth    required    pam_unix.so no_warn try_first_pass
+auth      sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      required    pam_unix.so no_warn try_first_pass
 
-# account
-account   required  pam_nologin.so
-account   required  /usr/local/lib/security/pam_krb5.so
-account   required  pam_login_access.so
-account   required  pam_unix.so
+account   required    pam_nologin.so
+account   required    /usr/local/lib/security/pam_krb5.so
+account   required    pam_login_access.so
+account   required    pam_unix.so
 
-# session
-session   required  /usr/local/lib/security/pam_krb5.so
-session   required  pam_permit.so
+session   required    /usr/local/lib/security/pam_krb5.so
+session   required    pam_permit.so
 
-# password
 password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
 password  required    pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd
index 425bf4e..6a6b0a4 100644
--- a/files/etc/pam.d/sudo.freebsd
+++ b/files/etc/pam.d/sudo.freebsd
@@ -1,15 +1,11 @@
-# auth
-auth    sufficient    /usr/local/lib/security/pam_krb5.so try_first_pass
-auth    required      pam_unix.so no_warn try_first_pass
+auth      sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth      required    pam_unix.so no_warn try_first_pass
 
-# account
 account   required    /usr/local/lib/security/pam_krb5.so
 account   required    pam_login_access.so
 account   required    pam_unix.so
 
-# session
 account   required    pam_permit.so
 
-# password
 password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
 password  required    pam_unix.so no_warn try_first_pass