commit: 15b01074eef56e2c5e46739cd8ba12fea8d7fbcc Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Dec 20 15:44:43 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Dec 20 15:47:15 2023 +0000 URL: https://gitweb.gentoo.org/proj/kde.git/commit/?id=15b01074
kde-plasma/kscreenlocker: first cut of new PAM configuration As with all of the masked KDE ebuilds, there is ** no warranty **. I've not yet runtime tested this. Don't use this yet on a machine where you rely on kscreenlocker behaving correctly for security. See https://community.kde.org/Plasma/Plasma_6.0_Release_notes#New_required_PAM_configuration and https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/163. Signed-off-by: Sam James <sam <AT> gentoo.org> .../kscreenlocker/files/kscreenlocker-fingerprint.pam | 13 +++++++++++++ kde-plasma/kscreenlocker/files/kscreenlocker-password.pam | 9 +++++++++ kde-plasma/kscreenlocker/files/kscreenlocker-smartcard.pam | 13 +++++++++++++ kde-plasma/kscreenlocker/kscreenlocker-9999.ebuild | 6 ++++-- 4 files changed, 39 insertions(+), 2 deletions(-) diff --git a/kde-plasma/kscreenlocker/files/kscreenlocker-fingerprint.pam b/kde-plasma/kscreenlocker/files/kscreenlocker-fingerprint.pam new file mode 100644 index 0000000000..38267de65e --- /dev/null +++ b/kde-plasma/kscreenlocker/files/kscreenlocker-fingerprint.pam @@ -0,0 +1,13 @@ +#%PAM-1.0 + +auth required pam_shells.so +auth required pam_nologin.so +auth required pam_faillock.so preauth +auth required pam_fprintd.so +auth required pam_env.so + +account include system-local-login + +password include system-local-login + +session include system-local-login diff --git a/kde-plasma/kscreenlocker/files/kscreenlocker-password.pam b/kde-plasma/kscreenlocker/files/kscreenlocker-password.pam new file mode 100644 index 0000000000..ce9e84d588 --- /dev/null +++ b/kde-plasma/kscreenlocker/files/kscreenlocker-password.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth include system-local-login + +account include system-local-login + +password include system-local-login + +session include system-local-login diff --git a/kde-plasma/kscreenlocker/files/kscreenlocker-smartcard.pam b/kde-plasma/kscreenlocker/files/kscreenlocker-smartcard.pam new file mode 100644 index 0000000000..f887c78234 --- /dev/null +++ b/kde-plasma/kscreenlocker/files/kscreenlocker-smartcard.pam @@ -0,0 +1,13 @@ +#%PAM-1.0 + +auth required pam_shells.so +auth required pam_nologin.so +auth required pam_faillock.so preauth +auth required pam_pkcs11.so wait_for_card card_only +auth required pam_env.so + +account include system-local-login + +password include system-local-login + +session include system-local-login diff --git a/kde-plasma/kscreenlocker/kscreenlocker-9999.ebuild b/kde-plasma/kscreenlocker/kscreenlocker-9999.ebuild index da6f0f9036..29c7cf2f72 100644 --- a/kde-plasma/kscreenlocker/kscreenlocker-9999.ebuild +++ b/kde-plasma/kscreenlocker/kscreenlocker-9999.ebuild @@ -74,6 +74,8 @@ src_test() { src_install() { ecm_src_install - newpamd "${FILESDIR}/kde.pam" kde - newpamd "${FILESDIR}/kde-np.pam" kde-np + local config + for config in kscreenlocker-{fingerprint,password,smartcard} ; do + newpamd "${FILESDIR}/${config}.pam" ${config} + done }