head	1.9;
access;
symbols
	RELENG_7_4_0_RELEASE:1.8.12.1
	RELENG_7_4:1.8.0.12
	RELENG_7_4_BP:1.8
	RELENG_7_3_0_RELEASE:1.8.10.1
	RELENG_7_3:1.8.0.10
	RELENG_7_3_BP:1.8
	RELENG_7_2_0_RELEASE:1.8.8.1
	RELENG_7_2:1.8.0.8
	RELENG_7_2_BP:1.8
	RELENG_7_1_0_RELEASE:1.8.6.1
	RELENG_6_4_0_RELEASE:1.7.24.1
	RELENG_7_1:1.8.0.6
	RELENG_7_1_BP:1.8
	RELENG_6_4:1.7.0.24
	RELENG_6_4_BP:1.7
	RELENG_7_0_0_RELEASE:1.8
	RELENG_6_3_0_RELEASE:1.7
	RELENG_7_0:1.8.0.4
	RELENG_7_0_BP:1.8
	RELENG_6_3:1.7.0.22
	RELENG_6_3_BP:1.7
	RELENG_7:1.8.0.2
	RELENG_7_BP:1.8
	RELENG_6_2_0_RELEASE:1.7
	RELENG_6_2:1.7.0.20
	RELENG_6_2_BP:1.7
	RELENG_5_5_0_RELEASE:1.7
	RELENG_5_5:1.7.0.18
	RELENG_5_5_BP:1.7
	RELENG_6_1_0_RELEASE:1.7
	RELENG_6_1:1.7.0.16
	RELENG_6_1_BP:1.7
	RELENG_6_0_0_RELEASE:1.7
	RELENG_6_0:1.7.0.14
	RELENG_6_0_BP:1.7
	RELENG_6:1.7.0.12
	RELENG_6_BP:1.7
	RELENG_5_4_0_RELEASE:1.7
	RELENG_5_4:1.7.0.10
	RELENG_5_4_BP:1.7
	RELENG_5_3_0_RELEASE:1.7
	RELENG_5_3:1.7.0.8
	RELENG_5_3_BP:1.7
	RELENG_5:1.7.0.6
	RELENG_5_BP:1.7
	RELENG_5_2_1_RELEASE:1.7
	RELENG_5_2_0_RELEASE:1.7
	RELENG_5_2:1.7.0.4
	RELENG_5_2_BP:1.7
	RELENG_5_1_0_RELEASE:1.7
	RELENG_5_1:1.7.0.2
	RELENG_5_1_BP:1.7
	RELENG_5_0_0_RELEASE:1.4
	RELENG_5_0:1.4.0.2
	RELENG_5_0_BP:1.4;
locks; strict;
comment	@# @;


1.9
date	2009.07.18.06.08.21;	author marcus;	state dead;
branches;
next	1.8;

1.8
date	2007.06.10.18.57.20;	author yar;	state Exp;
branches
	1.8.2.1
	1.8.6.1
	1.8.8.1
	1.8.10.1
	1.8.12.1;
next	1.7;

1.7
date	2003.04.30.21.57.54;	author markm;	state Exp;
branches
	1.7.12.1
	1.7.24.1;
next	1.6;

1.6
date	2003.03.08.09.50.11;	author markm;	state Exp;
branches;
next	1.5;

1.5
date	2003.02.10.00.50.03;	author des;	state Exp;
branches;
next	1.4;

1.4
date	2002.05.02.05.00.40;	author des;	state Exp;
branches;
next	1.3;

1.3
date	2002.04.18.17.40.27;	author des;	state Exp;
branches;
next	1.2;

1.2
date	2001.12.05.21.26.00;	author des;	state Exp;
branches;
next	1.1;

1.1
date	2001.12.05.21.06.21;	author des;	state Exp;
branches;
next	;

1.8.2.1
date	2012.11.17.08.01.18;	author svnexp;	state Exp;
branches;
next	;

1.8.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.8.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.8.10.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.8.12.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.8.12.2;

1.8.12.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.7.12.1
date	2012.11.17.07.39.04;	author svnexp;	state Exp;
branches;
next	;

1.7.24.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;


desc
@@


1.9
log
@SVN rev 195750 on 2009-07-18 06:08:21Z by marcus

Remove this file.  It is no longer needed as x11/gdm provides its own
version under /usr/local/etc/pam.d.

Approved by:	re (kib)
@
text
@#
# $FreeBSD: src/etc/pam.d/gdm,v 1.8 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the "gdm" service
#

# auth
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_unix.so

# session
#session 	optional	pam_ssh.so
session		required	pam_permit.so
@


1.8
log
@Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
@
text
@d2 1
a2 1
# $FreeBSD$
@


1.8.2.1
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/7/etc/pam.d/gdm 170510 2007-06-10 18:57:20Z yar $
@


1.8.12.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.8.12.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/7.4/etc/pam.d/gdm 170510 2007-06-10 18:57:20Z yar $
@


1.8.10.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.8.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.8.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.7
log
@The PAM module pam_krb5 does not have "session" capabilities.
Don't give examples of such use; this is bogus.
@
text
@a7 1
auth		required	pam_nologin.so		no_warn
d13 1
@


1.7.12.1
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/6/etc/pam.d/gdm 114337 2003-04-30 21:57:54Z markm $
@


1.7.24.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.6
log
@Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
@
text
@a17 1
#session 	required	pam_krb5.so
@


1.5
log
@Major cleanup & homogenization.
@
text
@a8 1
#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
a13 1
#account 	required	pam_kerberosIV.so
a17 1
#session 	required	pam_kerberosIV.so
@


1.4
log
@xdm plays horrid tricks with PAM, and dumps core if it's allowed to call
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other.  I assume gdm does something similar, so give it a dummy
session chain as well.

Sponsored by:	DARPA, NAI Labs.
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/gdm,v 1.3 2002/04/18 17:40:27 des Exp $
d8 5
a12 5
auth		required	pam_nologin.so	no_warn
#auth		sufficient	pam_kerberosIV.so	no_warn	try_first_pass
#auth		sufficient	pam_krb5.so	no_warn	try_first_pass
#auth		sufficient	pam_ssh.so	no_warn	try_first_pass
auth		required	pam_unix.so	no_warn	try_first_pass
d15 2
a16 2
#account	required	pam_kerberosIV.so
#account	required	pam_krb5.so
d20 3
a22 3
#session	required	pam_kerberosIV.so
#session	required	pam_krb5.so
#session	required	pam_ssh.so
a23 3

# password
password	required	pam_deny.so
@


1.3
log
@Don't list pam_unix in the session chain, since it does not provide any
session management services.

Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/gdm,v 1.2 2001/12/05 21:26:00 des Exp $
d23 1
@


1.2
log
@Awright, egg on my face.  I should have taken more time with this.  The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
@
text
@d2 1
a2 1
# $FreeBSD$
a22 1
session		required	pam_unix.so
@


1.1
log
@pam.d-style configuration, auto-generated from pam.conf.

Sponsored by:	DARPA, NAI Labs
@
text
@d8 5
a12 5
gdm	auth	required	pam_nologin.so	no_warn
#gdm	auth	sufficient	pam_kerberosIV.so	no_warn	try_first_pass
#gdm	auth	sufficient	pam_krb5.so	no_warn	try_first_pass
#gdm	auth	sufficient	pam_ssh.so	no_warn	try_first_pass
gdm	auth	required	pam_unix.so	no_warn	try_first_pass
d15 3
a17 3
#gdm	account	required	pam_kerberosIV.so
#gdm	account	required	pam_krb5.so
gdm	account	required	pam_unix.so
d20 4
a23 4
#gdm	session	required	pam_kerberosIV.so
#gdm	session	required	pam_krb5.so
#gdm	session	required	pam_ssh.so
gdm	session	required	pam_unix.so
d26 1
a26 1
gdm	password required	pam_deny.so
@

