diff options
author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-02-13 17:16:28 -0600 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-02-13 17:16:28 -0600 |
commit | 9e36a58649199a16a15cba3c78966ab0538a6fd7 (patch) | |
tree | 289d50ecf1068cfac80bdeabdd34d2d42ecbd755 /nixos/modules/security/pam.nix | |
parent | 128bdac94fe8173845e162c61ddb83cb4b8ed8de (diff) | |
parent | 486b9be579fc1f046671ddaf1157f084ba956bdd (diff) | |
download | nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar.gz nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar.bz2 nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar.lz nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar.xz nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.tar.zst nixlib-9e36a58649199a16a15cba3c78966ab0538a6fd7.zip |
Merging against upstream master
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r-- | nixos/modules/security/pam.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 3cc5db2fb9b3..e37c55aa1ac9 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -253,6 +253,8 @@ let "auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so"} ${optionalString cfg.usbAuth "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"} + ${let oath = config.security.pam.oath; in optionalString cfg.oathAuth + "auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"} '' + # Modules in this block require having the password set in PAM_AUTHTOK. # pam_unix is marked as 'sufficient' on NixOS which means nothing will run @@ -271,8 +273,6 @@ let "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"} ${optionalString cfg.otpwAuth "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"} - ${let oath = config.security.pam.oath; in optionalString cfg.oathAuth - "auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"} ${optionalString use_ldap "auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"} ${optionalString config.services.sssd.enable |