diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix | 53 |
1 files changed, 29 insertions, 24 deletions
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix index 9aed255f878a..c26a5b615353 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix @@ -6,7 +6,7 @@ let xcfg = config.services.xserver; dmcfg = xcfg.displayManager; - xEnv = config.systemd.services."display-manager".environment; + xEnv = config.systemd.services.display-manager.environment; cfg = dmcfg.lightdm; dmDefault = xcfg.desktopManager.default; @@ -232,36 +232,41 @@ in # Enable the accounts daemon to find lightdm's dbus interface environment.systemPackages = [ lightdm ]; - security.pam.services.lightdm = { - allowNullPassword = true; - startSession = true; - }; - security.pam.services.lightdm-greeter = { - allowNullPassword = true; - startSession = true; - text = '' - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - auth required pam_permit.so + security.pam.services.lightdm.text = '' + auth substack login + account include login + password substack login + session include login + ''; - account required pam_permit.so + security.pam.services.lightdm-greeter.text = '' + auth required pam_succeed_if.so audit quiet_success user = lightdm + auth optional pam_permit.so - password required pam_deny.so + account required pam_succeed_if.so audit quiet_success user = lightdm + account sufficient pam_unix.so + + password required pam_deny.so + + session required pam_succeed_if.so audit quiet_success user = lightdm + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional pam_keyinit.so force revoke + session optional pam_permit.so + ''; - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so - ''; - }; security.pam.services.lightdm-autologin.text = '' - auth requisite pam_nologin.so - auth required pam_succeed_if.so uid >= 1000 quiet - auth required pam_permit.so + auth requisite pam_nologin.so + + auth required pam_succeed_if.so uid >= 1000 quiet + auth required pam_permit.so - account include lightdm + account sufficient pam_unix.so - password include lightdm + password requisite pam_unix.so nullok sha512 - session include lightdm + session optional pam_keyinit.so revoke + session include login ''; users.users.lightdm = { |