Commit Graph

16 Commits

Author SHA1 Message Date
Majiir Paktu
43f7cb4a95 nixos/pam: add order comment to each rule line 2023-10-10 21:11:35 -04:00
Majiir Paktu
5b8439f966 nixos/pam: add settings option for common argument styles
Adds easily overrideable settings for the most common PAM argument
styles. These are:

- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
  values are ignored.

- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
  values.

Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
2023-10-10 21:11:34 -04:00
Majiir Paktu
6eea7fb194 nixos/pam: extract args field
Module arguments have common escaping rules for all PAMs.
2023-10-09 23:17:37 -04:00
Nicola Squartini
56e894b0b1 nixos/pam: add test for ZFS home dataset unlocking 2023-05-15 09:22:42 +02:00
Martin Weinelt
4472cf44eb
treewide: Make yescrypt the default algorithm for pam_unix.so
This ensures `passwd` will default to yescrypt for newly generated
passwords.
2023-03-13 07:54:27 +01:00
Robert Hensing
e260018f9c nixos/tests: Add names 2022-09-24 17:38:09 +01:00
Arian van Putten
55bd770662
Merge pull request #167514 from shimunn/pam_u2f_module
nixos/security/pam: added `origin` option to pamu2f
2022-07-16 10:56:26 +02:00
shimun
327d99c0ca
nixos/security/pam: added origin option to pamu2f 2022-07-15 20:38:24 +02:00
Bobby Rong
906b0b2e87
nixos/tests: fix all tests that uses wait_until_tty_matches 2022-06-04 12:22:03 +08:00
Artturi
0b64a2d69a
Merge pull request #167108 from aaronjheng/oath-toolkit
oath-toolkit: Rename from oathToolkit to oath-toolkit
2022-05-05 03:58:39 +03:00
Luke Granger-Brown
1be4ba01ac
Merge pull request #164025 from lukegb/pam-ussh
pam-ussh: init at unstable-20210615
2022-04-11 01:25:45 +01:00
Aaron Jheng
f0c470f5eb
oath-toolkit: Rename from oathToolkit to oath-toolkit 2022-04-04 01:11:06 +00:00
Robert Hensing
aa0f27abb0 treewide: machine -> nodes.machine 2022-03-28 14:11:58 +02:00
Luke Granger-Brown
1853015550 nixos/pam: add support for pam-ussh
pam-ussh allows authorizing using an SSH certificate stored in your
SSH agent, in a similar manner to pam-ssh-agent-auth, but for
certificates rather than raw public keys.
2022-03-13 17:31:46 +00:00
Victor Engmark
3b2e6e72fa tests: Move all PAM tests into a separate directory
As per
<https://github.com/NixOS/nixpkgs/pull/146467#issuecomment-972743535>.
2021-11-27 20:36:50 +02:00
Victor Engmark
595543a314 tests: Verify /etc/pam.d/chfn file contents 2021-11-27 15:55:46 +13:00