From 6effb1671a917adb3ed8f77f5e13324e8b455c32 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Tue, 30 Jan 2018 10:32:08 -0500

Subject: [PATCH] data: drop pam_gdm, reintroduce pam_env/postlogin

The current upstream pam configuration upstream doesn't really

make sense in RHEL.

systemd doesn't handle /etc/environment on its own in RHEL and it

doesn't populate the kernel keyring with disk encrypt passwords,

so pam_gdm is not useful.

This commit restores the pam configuration to something closer to

what was shipped in 7.3

---

 data/pam-redhat/gdm-autologin.pam | 7 +++----

 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam

index c31ff27a..aa99e1b0 100644

--- a/data/pam-redhat/gdm-autologin.pam

+++ b/data/pam-redhat/gdm-autologin.pam

@@ -1,16 +1,15 @@

 #%PAM-1.0

-auth       [success=ok default=1] pam_gdm.so

--auth      optional    pam_gnome_keyring.so

-auth       sufficient  pam_permit.so

+auth       required    pam_env.so

+auth       required    pam_permit.so

+auth       include     postlogin

 account    required    pam_nologin.so

 account    include     system-auth

 password   include     system-auth

 session    required    pam_selinux.so close

 session    required    pam_loginuid.so

 session    optional    pam_console.so

 session    required    pam_selinux.so open

 session    optional    pam_keyinit.so force revoke

 session    required    pam_namespace.so

 session    include     system-auth

-session    optional    pam_gnome_keyring.so auto_start

 session    include     postlogin

-- 

2.14.3