From 736f9b9f43c2468dd0cb5c5343cb8969d5492a4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Elio=20=27Flameeyes=27=20Petten=C3=B2?=
 <flameeyes@gmail.com>
Date: Fri, 23 Jul 2010 15:59:44 +0200
Subject: Add support for pam_krb5 module for Kerberos authentication.

This implements drop-in support for Kerberos (pam_krb5) in Gentoo systems;
if the kerberos USE flag has been enabled, it'll use pam_krb5 for login,
ignoring pam_unix, but no other module in the chain.

It requires Linux-PAM.
---
 system-session.inc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'system-session.inc')

diff --git a/system-session.inc b/system-session.inc
index 9d4aea1..2ba6964 100644
--- a/system-session.inc
+++ b/system-session.inc
@@ -7,7 +7,19 @@ session		required	pam_env.so DEBUG
 #if HAVE_MKTEMP
 session		optional	pam_mktemp.so
 #endif
+
+/* Only Linux-PAM supports session chain for pam_unix; but if it were
+   to not support it for whatever reason, still execute pam_krb5, with
+   sufficient level instead. */
 #if SUPPORT_UNIX_SESSION
+# if HAVE_KRB5
+session		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
+# endif
 session		required	pam_unix.so DEBUG
+#else
+# if HAVE_KRB5
+session		sufficient	pam_krb5.so KRB5_PARAMS
+# endif
 #endif
+
 session		optional	pam_permit.so
-- 
cgit v1.2.3