Merge pull request #173495 from wucke13/pam-fix

This commit is contained in:
Lassulus 2022-08-21 20:57:17 +02:00 committed by GitHub
commit f95d0b966e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -521,7 +521,7 @@ let
# Modules in this block require having the password set in PAM_AUTHTOK.
# pam_unix is marked as 'sufficient' on NixOS which means nothing will run
# after it succeeds. Certain modules need to run after pam_unix
# prompts the user for password so we run it once with 'required' at an
# prompts the user for password so we run it once with 'optional' at an
# earlier point and it will run again with 'sufficient' further down.
# We use try_first_pass the second time to avoid prompting password twice
(optionalString (cfg.unixAuth &&
@ -534,7 +534,7 @@ let
|| cfg.duoSecurity.enable))
(
''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
auth optional pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
'' +
optionalString config.security.pam.enableEcryptfs ''
auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap