[netatalk] fixes #501144 - updated and redirected pam config

[Jiri Skala]

commit 5aa8bc7dd9686fb5f94775307a8d7ff347d0b836
Author: Jiri Skala <jskala at redhat.com>
Date:   Tue Nov 29 14:16:00 2011 +0100

    fixes #501144 - updated and redirected pam config

 netatalk.pam-system-auth |   17 ++++++++++++-----
 netatalk.spec            |    8 ++++++--
 2 files changed, 18 insertions(+), 7 deletions(-)
---
diff --git a/netatalk.pam-system-auth b/netatalk.pam-system-auth
index 8147016..c6bc86d 100644
--- a/netatalk.pam-system-auth
+++ b/netatalk.pam-system-auth
@@ -1,10 +1,17 @@
-# /etc/pam.d/netatalk
-#
-# PAM configuration file for netatalk using system-auth substack
-# (this would enable use of netatalk by LDAP or NIS users).
-#
+#%PAM-1.0
+auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
 auth       include      system-auth
 account    required     pam_nologin.so
 account    include      system-auth
 password   include      system-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+session    optional     pam_console.so
+# pam_selinux.so open should only be followed by sessions to be executed in the
+user context
+session    required     pam_selinux.so open
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
 session    include      system-auth
+session    optional     pam_ck_connector.so
diff --git a/netatalk.spec b/netatalk.spec
index 1fbae63..2852ea9 100644
--- a/netatalk.spec
+++ b/netatalk.spec
@@ -1,7 +1,7 @@
 Summary: Daemon which provides POSIX-compliant *NIX/*BSD systems with the ability to share files and printers with Apple Macintosh
 Name:    netatalk
 Version: 2.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch:   4
 License: GPLv2+
 Group:   System Environment/Daemons
@@ -102,7 +102,8 @@ cp -fp config/papd.conf $RPM_BUILD_ROOT%{_sysconfdir}/netatalk
 mkdir -p $RPM_BUILD_ROOT/usr/share/netatalk
 cp -fp etc/psf/pagecount.ps $RPM_BUILD_ROOT/usr/share/netatalk
 
-cp -fp %{SOURCE2} config.example
+install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/netatalk
+
 # XXX bad hack until this file is updated in glibc-headers:
 rm -f $RPM_BUILD_ROOT/usr/include/netatalk/at.h
 
@@ -162,6 +163,9 @@ fi
 %{_mandir}/man*/netatalk-config.1*
 
 %changelog
+* Tue Nov 29 2011 Jiri Skala <jskala at redhat.com> - 4:2.2.1-2
+- fixes #501144 - updated and redirected pam config
+
 * Tue Nov 29 2011 Jiri Skala <jskala at redhat.com> - 4:2.2.1-1
 - update to latest upstream netatalk-2.2.1