diff options
| author | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:32:00 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2020-05-13 00:41:26 +0000 |
| commit | 439d80fbdcdf6245444e99e3764f233122c86358 (patch) | |
| tree | bd769aabc0c8e46d3fdf8f0cc80297463e7d0dba /nixos/modules/security/pam.nix | |
| parent | cc2d9c385f776f38fa37656b8440b5c4a460e9a7 (diff) | |
| parent | 9f5e9ef4b71a2a1ea8efef56f5876cdc846d6387 (diff) | |
| download | nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.gz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.bz2 nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.lz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.xz nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.tar.zst nixpkgs-439d80fbdcdf6245444e99e3764f233122c86358.zip | |
Merge remote-tracking branch 'nixpkgs/master' into master
Diffstat (limited to 'nixos/modules/security/pam.nix')
| -rw-r--r-- | nixos/modules/security/pam.nix | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index bfc2a881387..e1a94b0121a 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -54,7 +54,7 @@ let description = '' If set, users listed in <filename>~/.yubico/authorized_yubikeys</filename> - are able to log in with the asociated Yubikey tokens. + are able to log in with the associated Yubikey tokens. ''; }; @@ -219,6 +219,14 @@ let ''; }; + nodelay = mkOption { + default = false; + type = types.bool; + description = '' + Wheather the delay after typing a wrong password should be disabled. + ''; + }; + requireWheel = mkOption { default = false; type = types.bool; @@ -366,7 +374,7 @@ let || cfg.enableGnomeKeyring || cfg.googleAuthenticator.enable || cfg.duoSecurity.enable)) '' - auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth + auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth ${optionalString config.security.pam.enableEcryptfs "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} ${optionalString cfg.pamMount @@ -382,7 +390,7 @@ let "auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"} '') + '' ${optionalString cfg.unixAuth - "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"} + "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth try_first_pass"} ${optionalString cfg.otpwAuth "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"} ${optionalString use_ldap @@ -545,6 +553,7 @@ in }; security.pam.enableSSHAgentAuth = mkOption { + type = types.bool; default = false; description = '' @@ -555,12 +564,7 @@ in ''; }; - security.pam.enableOTPW = mkOption { - default = false; - description = '' - Enable the OTPW (one-time password) PAM module. - ''; - }; + security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module"; security.pam.u2f = { enable = mkOption { @@ -719,12 +723,7 @@ in }; }; - security.pam.enableEcryptfs = mkOption { - default = false; - description = '' - Enable eCryptfs PAM module (mounting ecryptfs home directory on login). - ''; - }; + security.pam.enableEcryptfs = mkEnableOption "eCryptfs PAM module (mounting ecryptfs home directory on login)"; users.motd = mkOption { default = null; |