Releasing debian version 0.5.0-1.
[debian/lxdm.git] / debian / lxdm.pam
CommitLineData
6da61772 1#%PAM-1.0
400ad8c1
AG
2# Comments stolen from lightdm-pam-file
3# Block login if they are globally disabled
6da61772 4auth requisite pam_nologin.so
400ad8c1
AG
5
6# Load environment from /etc/environment and ~/.pam_environment
6da61772
DB
7auth required pam_env.so readenv=1
8auth required pam_env.so readenv=1 envfile=/etc/default/locale
2dbbeed6 9auth required pam_env.so readenv=1 envfile=/etc/lxdm-environment
400ad8c1
AG
10
11# auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
6da61772
DB
12@include common-auth
13auth optional pam_gnome_keyring.so
14@include common-account
400ad8c1
AG
15
16# SELinux needs to be the first session rule. This ensures that any
17# lingering context has been cleared. Without out this it is possible
18# that a module could execute code in the wrong domain.
19# When the module is present, "required" would be sufficient (When SELinux
20# is disabled, this returns success.)
21#
6da61772 22session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
400ad8c1
AG
23
24session required pam_unix.so # added by klaumi
6da61772 25session required pam_limits.so
400ad8c1
AG
26session required pam_loginuid.so # added by klaumi
27# @include common-session-noninteractive # commented out by klaumi
28@include common-session # added by klaumi
29
30# SELinux needs to intervene at login time to ensure that the process
31# starts in the proper default security context. Only sessions which are
32# intended to run in the user's context should be run after this.
33# When the module is present, "required" would be sufficient (When SELinux
34# is disabled, this returns success.)
35#
6da61772 36session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
400ad8c1 37
6da61772 38session optional pam_gnome_keyring.so auto_start
400ad8c1 39
2dbbeed6
AG
40session optional pam_systemd.so
41
6da61772 42@include common-password