authorMiles Breslin <milesbreslin@gmail.com>2020-10-08 11:37:40 -0700
committerGitHub <noreply@github.com>2020-10-08 14:37:40 -0400
commit8e628f8eeaba636bb57a4a9a0086499cc797a014 (patch)
tree2887dae4cc2ed0eca930cf66ac6663fff0d859ae /nixos/modules/security/pam.nix
parent9c56eb009a48d98efebc0dcc7400ee299ae3bfd5 (diff)
nixos/pam: Add option to set pam-u2f appid (#73591)
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r--nixos/modules/security/pam.nix18
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 7ae26804317..40bec8d0791 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -366,7 +366,7 @@ let
           ${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
               "auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"}
           ${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth
-              "auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"}
+              "auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"} ${optionalString (u2f.appId != null) "appid=${u2f.appId}"}"}
           ${optionalString cfg.usbAuth
               "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
           ${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
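Review bot: The new `appid=${u2f.appId}` fragment on the pam_u2f line is interpolated verbatim while the option is typed as a plain `str`, so a value containing a space or newline would be read by PAM as extra module arguments or as a separate entry instead of as part of the application ID. Because this line decides how the second factor is checked, I would reject such values at evaluation time by tightening the option type to `type = with types; nullOr (strMatching "[^[:space:]]+");`. The `authfile=${u2f.authFile}` fragment on the same line follows the same pattern and could get the same treatment in a follow-up. The enclosing `let` block starts and ends outside this hunk.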
@@ -653,6 +653,22 @@ in
           xlink:href="https://developers.yubico.com/pam-u2f/">here</link>.
         '';
       };
+      
+      appId = mkOption {
+        default = null;
+        type = with types; nullOr str;
+        description = ''
+            By default <literal>pam-u2f</literal> module sets the application
+            ID to <literal>pam://$HOSTNAME</literal>.
+
+            When using <command>pamu2fcfg</command>, you can specify your
+            application ID with the <literal>-i</literal> flag.
+
+            More information can be found <link
+            xlink:href="https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html">
+            here</link>
+        '';
+      };
 
       control = mkOption {
         default = "sufficient";
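Review bot: The `appId` description explains the module's default but never says what the option does, nor that the value has to agree with the one used when the key was registered. As far as I know from the pam_u2f manual, a credential enrolled under a different application ID will not verify, which under a `required` control would lock the user out. I would open the description with `Application ID passed to pam_u2f as appid=; it must match the ID given to pamu2fcfg -i when the key was registered.` The added blank line before `appId` carries trailing whitespace, and the last sentence lacks its closing period after `here</link>`.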