author | Lluís Batlle i Rossell <viric@viric.name> | 2015-02-14 23:52:22 +0100 |
---|---|---|
committer | Lluís Batlle i Rossell <viric@viric.name> | 2015-02-22 15:25:38 +0100 |
commit | 4e9990196104eb670d3e5108bde0666575b0f47e (patch) | |
tree | b749477555d07f83da4af6f22382f779e703d09b /nixos | |
parent | d44573e16f3072d02714e1beeaf34e24fc808a62 (diff) | |
nixos: Adding OATH in pam.
(cherry picked from commit cb3cba54a1b87c376d0801238cb827eadb18e39e) Conflicts: nixos/modules/security/pam.nix
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/pam.nix | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 65761865859f..dcb2d5494754 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -63,6 +63,14 @@ let ''; }; + oathAuth = mkOption { + default = config.security.pam.enableOATH; + type = types.bool; + description = '' + If set, the OATH Toolkit will be used. + ''; + }; + sshAgentAuth = mkOption { default = false; type = types.bool; @@ -206,6 +214,8 @@ let "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth"} ${optionalString cfg.otpwAuth "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"} + ${optionalString cfg.oathAuth + "auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so"} window=5 usersfile=/etc/users.oath ${optionalString config.users.ldap.enable "auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"} ${optionalString config.krb5.enable '' @@ -241,6 +251,8 @@ let "session optional ${pam_krb5}/lib/security/pam_krb5.so"} ${optionalString cfg.otpwAuth "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"} + ${optionalString cfg.oathAuth + "session optional ${pkgs.oathToolkit}/lib/security/pam_oath.so"} window=5 usersfile=/etc/users.oath ${optionalString cfg.startSession "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"} ${optionalString cfg.forwardXAuth @@ -338,6 +350,13 @@ in ''; }; + security.pam.enableOATH = mkOption { + default = false; + description = '' + Enable the OATH (one-time password) PAM module. + ''; + }; + users.motd = mkOption { default = null; example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."; 
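Review bot: The description of the new `oathAuth` option (hunk at -63) does not say what enabling it means for authentication. The auth hunk further down adds the module as `auth sufficient` after `pam_unix`, so as far as these lines show a valid one-time code is accepted as an alternative to the password, not as a second factor. The module also reads `/etc/users.oath`, which holds the shared secrets and is not created by this change. Proposed description: `If set, a valid OATH one-time password is sufficient to log in to this service; secrets are read from /etc/users.oath, which must be root-owned and not world-readable.`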
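Review bot: In the auth hunk at -206 the arguments `window=5 usersfile=/etc/users.oath` sit after the closing `}` of the `optionalString` interpolation, so they are written into every generated PAM service file even when `cfg.oathAuth` is false. With the option off, the auth stack then contains a line holding only ` window=5 usersfile=/etc/users.oath`, which is not a valid PAM entry; how Linux-PAM reacts should be checked, but a malformed line can be treated as a failing module and block logins. Move the arguments inside the string: `"auth sufficient ${pkgs.oathToolkit}/lib/security/pam_oath.so window=5 usersfile=/etc/users.oath"}`. The session hunk at -241 has the same defect, and the enclosing string starts and ends outside both hunks.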
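Review bot: The `session optional ... pam_oath.so` entry added at -241 looks unnecessary. To my knowledge pam_oath is an authentication module and does nothing useful in the session stack, so the entry would at best be a no-op and at worst log a module error on every login. Unless there is a reason not visible in this hunk, I would drop these two lines and keep OATH in the auth stack only. The surrounding session text begins and ends outside the hunk.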
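Review bot: `security.pam.enableOATH` at -338 is declared without a type, while the per-service `oathAuth` option that defaults to it is `types.bool`. Adding `type = types.bool;` lets the module system reject a non-boolean value at evaluation time instead of passing it on to `optionals` and to the per-service default. The description could also name `/etc/users.oath` as the file the administrator has to provide.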
@@ -357,7 +376,8 @@ in [ pkgs.pam ] ++ optional config.users.ldap.enable pam_ldap ++ optionals config.krb5.enable [pam_krb5 pam_ccreds] - ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]; + ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] + ++ optionals config.security.pam.enableOATH [ pkgs.oathToolkit ]; environment.etc = mapAttrsToList (n: v: makePAMService v) config.security.pam.services; |