From f450ba4056f3af0d17aeb1e5534619ce2231b63d Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:43:08 +0200
Subject: Adding debian version 43.0-3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam

(limited to 'debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam')

diff --git a/debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam b/debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam
new file mode 100644
index 0000000..a6ee7b1
--- /dev/null
+++ b/debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam
@@ -0,0 +1,26 @@
+#%PAM-1.0
+auth    [success=ok user_unknown=ignore default=bad] pam_succeed_if.so user != root quiet_success
+auth    required        pam_pkcs11.so
+auth    required        pam_succeed_if.so user != root quiet_success
+auth    requisite       pam_nologin.so
+auth    optional        pam_gnome_keyring.so
+
+@include common-account
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+session required        pam_loginuid.so
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+# pam_selinux.so changes the SELinux context of the used TTY and configures
+# SELinux in order to transition to the user context with the next execve()
+# call.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+session optional        pam_keyinit.so force revoke
+session required        pam_limits.so
+session required        pam_env.so readenv=1
+session required        pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-session
+session optional        pam_gnome_keyring.so auto_start
-- 
cgit v1.2.3