author | mlatus <wqseleven@gmail.com> | 2021-07-17 14:56:55 +0800 |
---|---|---|
committer | mlatus <wqseleven@gmail.com> | 2021-07-17 15:05:31 +0800 |
commit | 43ca464e37b6262516e1064408c280f9f141ab97 (patch) | |
tree | edc5396e6e39feb10053cc431cfe9d3f774ea8a1 /nixos/modules/security/pam.nix | |
parent | 2bf5cb07cfaf092470886c1af7b4bd0f189562e1 (diff) | |
nixos/pam: allow users to set the path to store challenge and expected responsed used by yubico_pam
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r-- | nixos/modules/security/pam.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 5699025601f..9a6c7d17825 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -406,7 +406,7 @@ let
 ${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
 "auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
 ${let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth
- "auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"}"}
+ "auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"}"}
 ${optionalString cfg.fprintAuth
 "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
 '' +
@@ -826,6 +826,16 @@ in
 xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>.
 '';
 };
+ challengeResponsePath = mkOption {
+ default = null;
+ type = types.path;
+ description = ''
+ If not null, set the path used by yubico pam module where the challenge expected response is stored.
+
+ More information can be found <link
+ xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>.
+ '';
+ };
 };
 security.pam.enableEcryptfs = mkEnableOption "eCryptfs PAM module (mounting ecryptfs home directory on login)"; |
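Review bot: `chalresp_path=${yubi.challengeResponsePath}` on the added pam_yubico line interpolates the option value directly, whereas the oath line two lines above wraps `oath.usersFile` in `toString`. If the option is set with a Nix path literal rather than a string, direct interpolation copies that path into the Nix store, so the challenge and expected-response files would end up in a world-readable, read-only store path and pam_yubico would be pointed at that copy instead of the configured directory. I would write `"chalresp_path=${toString yubi.challengeResponsePath}"` so the configured path is passed through unchanged. The enclosing multi-line string starts and ends outside the hunk.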
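Review bot: `default = null;` does not satisfy `type = types.path;` in the new `challengeResponsePath` option, so leaving the option unset will most likely fail the type check as soon as the pam_yubico line from the first hunk reads it. `type = types.nullOr types.path;` matches the `!= null` test used there. The description would also read better as "the challenge and expected response are stored". Since this location holds the expected responses, the description should say who must own it and that other users should not be able to read or write it.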