Added PAM support for MacOS

instfiles/Makefile.am

@@ -78,6 +78,10 @@ SUBDIRS += \
   pulse
 endif
 
+if MACOS
+SUBDIRS += pam.d
+endif
+
 #
 # install-data-hook for each platform
 # TODO: subst these directories as well as service files

instfiles/pam.d/Makefile.am

@@ -3,6 +3,7 @@ PAM_FILES = \
   xrdp-sesman.redhat \
   xrdp-sesman.suse \
   xrdp-sesman.freebsd \
+  xrdp-sesman.macos \
   xrdp-sesman.unix
 
 EXTRA_DIST = $(PAM_FILES) mkpamrules

instfiles/pam.d/mkpamrules

@@ -30,6 +30,11 @@ guess_rules ()
     return
   fi
 
+  if test -s "$pamdir/authorization"; then
+    rules="macos"
+    return
+  fi
+
   rules="unix"
   return
 }

instfiles/pam.d/xrdp-sesman.macos

@@ -0,0 +1,12 @@
+# xrdp-sesman: auth account password session
+# based on Apple's sshd PAM configuration
+auth       optional       pam_krb5.so use_kcminit
+auth       optional       pam_ntlm.so try_first_pass
+auth       optional       pam_mount.so try_first_pass
+auth       required       pam_opendirectory.so try_first_pass
+account    required       pam_nologin.so
+account    required       pam_sacl.so sacl_service=ssh
+account    required       pam_opendirectory.so
+password   required       pam_opendirectory.so
+session    required       pam_launchd.so
+session    optional       pam_mount.so