From 3bf88b434d231231bbbcb9a9d34eae91778016cf Mon Sep 17 00:00:00 2001 From: Cullum Smith Date: Sat, 7 Dec 2024 09:46:11 -0500 Subject: fixes for laptops --- files/etc/pam.d/kde.roadwarrior_laptop | 6 ++++++ files/etc/pam.d/sddm.freebsd | 1 + files/etc/pam.d/sddm.roadwarrior_laptop | 19 +++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 files/etc/pam.d/kde.roadwarrior_laptop create mode 100644 files/etc/pam.d/sddm.roadwarrior_laptop (limited to 'files/etc/pam.d') diff --git a/files/etc/pam.d/kde.roadwarrior_laptop b/files/etc/pam.d/kde.roadwarrior_laptop new file mode 100644 index 0000000..f28d9e1 --- /dev/null +++ b/files/etc/pam.d/kde.roadwarrior_laptop @@ -0,0 +1,6 @@ +auth optional /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_exec.so return_prog_exit_status expose_authtok use_first_pass /usr/local/libexec/unix-selfauth-helper + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so nodefgroup +account required pam_unix.so diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index c222750..cebac04 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -3,6 +3,7 @@ # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). auth sufficient pam_self.so no_warn +auth required pam_unix.so auth required /usr/local/lib/security/pam_krb5.so try_first_pass auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir auth optional pam_kwallet5.so diff --git a/files/etc/pam.d/sddm.roadwarrior_laptop b/files/etc/pam.d/sddm.roadwarrior_laptop new file mode 100644 index 0000000..0922e95 --- /dev/null +++ b/files/etc/pam.d/sddm.roadwarrior_laptop @@ -0,0 +1,19 @@ +auth sufficient pam_self.so no_warn +auth optional /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so try_first_pass +auth optional pam_kwallet5.so + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so nodefgroup +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional /usr/local/lib/pam_mkhomedir.so mode=0700 +session optional pam_kwallet5.so auto_start + +password required pam_unix.so no_warn try_first_pass +password optional /usr/local/lib/security/pam_krb5.so try_first_pass -- cgit v1.2.3