diff options
| author | Peter Hoeg <peter@hoeg.com> | 2020-06-10 10:55:14 +0800 |
|---|---|---|
| committer | Peter Hoeg <peter@hoeg.com> | 2021-10-27 08:53:15 +0800 |
| commit | 22a500a3f87bbce73bd8d777ef920b43a636f018 (patch) | |
| tree | f3e68bad27e10e25eb2645819b747e52c37d8fd3 /nixos/modules/security/pam.nix | |
| parent | 4cdfe28fecc0f34e1749e9619c47b23f2f9a82fd (diff) | |
| download | nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar.gz nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar.bz2 nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar.lz nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar.xz nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.tar.zst nixpkgs-22a500a3f87bbce73bd8d777ef920b43a636f018.zip | |
pam_mount: do not re-prompt for password
nixos-rebuild test causes pam_mount to prompt for a password when running with an encrypted home: building '/nix/store/p6bflh7n5zy2dql8l45mix9qnzq65hbk-nixos-system-mildred-18.09.git.98592c5da79M.drv'... activating the configuration... setting up /etc... reenter password for pam_mount: (mount.c:68): Messages from underlying mount program: (mount.c:72): crypt_activate_by_passphrase: File exists (pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed kbuildsycoca5 running... This change makes pam_mount not prompt. It still tries to remount (and fails in the process) but that message can be ignored. Fixes: #44586
Diffstat (limited to 'nixos/modules/security/pam.nix')
| -rw-r--r-- | nixos/modules/security/pam.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 4c18fa8cc67..d6a6f7ce082 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -428,7 +428,7 @@ let ${optionalString config.security.pam.enableEcryptfs "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} ${optionalString cfg.pamMount - "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"} + "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"} ${optionalString cfg.enableKwallet ("auth optional ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so" + " kwalletd=${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5")} @@ -489,7 +489,7 @@ let ${optionalString config.security.pam.enableEcryptfs "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} ${optionalString cfg.pamMount - "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"} + "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"} ${optionalString use_ldap "session optional ${pam_ldap}/lib/security/pam_ldap.so"} ${optionalString config.services.sssd.enable |