From d518bf66f9630aeb1995e8e3f39a78b9261d9433 Mon Sep 17 00:00:00 2001
From: Matteo Pasotti <matteo@mageia.org>
Date: Fri, 4 Jan 2013 16:05:27 +0000
Subject: - AdminPanel/Privileges.pm: added support to pam / consolehelper -
 extras/README: added info to configure pam for apanel - apanel.pl: using pam
 as default

---
 AdminPanel/Privileges.pm |  8 ++++++--
 apanel.pl                |  2 +-
 extras/README            | 25 +++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/AdminPanel/Privileges.pm b/AdminPanel/Privileges.pm
index b1d4ef74..f6db9d41 100644
--- a/AdminPanel/Privileges.pm
+++ b/AdminPanel/Privileges.pm
@@ -28,13 +28,17 @@ use English qw(-no_match_vars);
 our @EXPORT = qw(require_root_capability
          ask_for_authentication
          $USE_SUDO
-         $USE_PKIT);
+         $USE_PKIT
+         $USE_CHLP);
 
 our $USE_SUDO = 1;
 our $USE_PKIT = 2;
+our $USE_CHLP = 3;
 
 my $wrappers = { $USE_SUDO => "sudo",
-                 $USE_PKIT => "pkexec" };
+                 $USE_PKIT => "pkexec",
+                 $USE_CHLP => "consolehelper"
+               };
 
 my $wrapper = 0;
 
diff --git a/apanel.pl b/apanel.pl
index 98838a22..03c59849 100755
--- a/apanel.pl
+++ b/apanel.pl
@@ -30,7 +30,7 @@ my $cmdline = new yui::YCommandLine;
 
 usage() if($cmdline->find("--help") > 0 || $cmdline->find("-h") > 0);
 
-ask_for_authentication($USE_PKIT) if(require_root_capability());
+ask_for_authentication($USE_CHLP) if(require_root_capability());
 
 my $mainWin = new MainDisplay();
 my $launch = $mainWin->start();
diff --git a/extras/README b/extras/README
index a0b62415..8bb98c56 100644
--- a/extras/README
+++ b/extras/README
@@ -8,6 +8,31 @@ After that you have to make a symbolic link to apanel.pl into /usr/bin/  (i.e. /
 
 This settings will be automatically handled at rpm installation time in future/production.
 
+Configure pam
+-------------
+
+1. symlink /usr/bin/consolehelper -> /usr/bin/apanel
+2. create /etc/pam.d/apanel and populate it with the code below:
+#%PAM-1.0
+auth       sufficient   pam_rootok.so
+auth       required     pam_console.so
+auth       sufficient   pam_timestamp.so
+auth       include      system-auth
+account    required     pam_permit.so
+session    optional     pam_timestamp.so
+session    optional     pam_xauth.so
+
+auth    required        pam_succeed_if.so       quiet user != xguest
+
+3. create /etc/security/console.apps/apanel and populate it with the code below:
+USER=root
+PROGRAM=<absolute/path/to/apanel.pl>
+
+4. authorize apanel to use the display
+xhost local:root
+
+5. setup apanel.pl to use consolehelper backend ($USE_CHLP)
+
 Add AdminPanel to the include path (for developers)
 ---------------------------------------------------
 
-- 
cgit v1.2.1