aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDiego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com>2010-07-23 15:59:44 +0200
committerDiego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com>2010-07-23 15:59:44 +0200
commit736f9b9f43c2468dd0cb5c5343cb8969d5492a4d (patch)
tree74950657d26fb7e78b254ca64e1acbbd69cca32d /system-session.inc
parentImprove handling of services and the session chain. (diff)
downloadpambase-736f9b9f43c2468dd0cb5c5343cb8969d5492a4d.tar.gz
pambase-736f9b9f43c2468dd0cb5c5343cb8969d5492a4d.tar.bz2
pambase-736f9b9f43c2468dd0cb5c5343cb8969d5492a4d.zip
Add support for pam_krb5 module for Kerberos authentication.
This implements drop-in support for Kerberos (pam_krb5) in Gentoo systems; if the kerberos USE flag has been enabled, it'll use pam_krb5 for login, ignoring pam_unix, but no other module in the chain. It requires Linux-PAM.
Diffstat (limited to 'system-session.inc')
-rw-r--r--system-session.inc12
1 files changed, 12 insertions, 0 deletions
diff --git a/system-session.inc b/system-session.inc
index 9d4aea1..2ba6964 100644
--- a/system-session.inc
+++ b/system-session.inc
@@ -7,7 +7,19 @@ session required pam_env.so DEBUG
#if HAVE_MKTEMP
session optional pam_mktemp.so
#endif
+
+/* Only Linux-PAM supports session chain for pam_unix; but if it were
+ to not support it for whatever reason, still execute pam_krb5, with
+ sufficient level instead. */
#if SUPPORT_UNIX_SESSION
+# if HAVE_KRB5
+session KRB5_CONTROL pam_krb5.so KRB5_PARAMS
+# endif
session required pam_unix.so DEBUG
+#else
+# if HAVE_KRB5
+session sufficient pam_krb5.so KRB5_PARAMS
+# endif
#endif
+
session optional pam_permit.so