files/etc/pam.d/sddm.freebsd


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# NB: FreeBSD has no pam_stack.so or substack functionality, so we can't
# try multiple authentication sources (like krb5 but fall back to pam_unix)
# if we want pam_kwallet5 to execute.
# Hence, for sddm, we try krb5 only (no local accounts).
auth      sufficient  pam_self.so no_warn
auth      required    pam_unix.so
auth      required    /usr/local/lib/security/pam_krb5.so try_first_pass
auth      optional    pam_exec.so /usr/local/libexec/pam-create-local-homedir
auth      optional    pam_kwallet5.so

account   requisite   pam_securetty.so
account   required    pam_nologin.so
account   required    /usr/local/lib/security/pam_krb5.so
account   required    pam_login_access.so nodefgroup
account   required    pam_unix.so

session   required    pam_lastlog.so no_fail
session   required    pam_xdg.so no_fail
session   required    /usr/local/lib/security/pam_krb5.so
session   optional    /usr/local/lib/pam_mkhomedir.so mode=0700
session   optional    pam_kwallet5.so auto_start

password  required    /usr/local/lib/security/pam_krb5.so try_first_pass