Merge pull request #80896 from clkamp/pam-unix-add-nodelay
nixos/security/pam: Add nodelay option
This commit is contained in:
commit
a0ebabf60a
@ -219,6 +219,14 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nodelay = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
Wheather the delay after typing a wrong password should be disabled.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
requireWheel = mkOption {
|
requireWheel = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
@ -366,7 +374,7 @@ let
|
|||||||
|| cfg.enableGnomeKeyring
|
|| cfg.enableGnomeKeyring
|
||||||
|| cfg.googleAuthenticator.enable
|
|| cfg.googleAuthenticator.enable
|
||||||
|| cfg.duoSecurity.enable)) ''
|
|| cfg.duoSecurity.enable)) ''
|
||||||
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
|
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
|
||||||
${optionalString config.security.pam.enableEcryptfs
|
${optionalString config.security.pam.enableEcryptfs
|
||||||
"auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
|
"auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
|
||||||
${optionalString cfg.pamMount
|
${optionalString cfg.pamMount
|
||||||
@ -382,7 +390,7 @@ let
|
|||||||
"auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"}
|
"auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"}
|
||||||
'') + ''
|
'') + ''
|
||||||
${optionalString cfg.unixAuth
|
${optionalString cfg.unixAuth
|
||||||
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
|
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth try_first_pass"}
|
||||||
${optionalString cfg.otpwAuth
|
${optionalString cfg.otpwAuth
|
||||||
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
|
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
|
||||||
${optionalString use_ldap
|
${optionalString use_ldap
|
||||||
|
Loading…
Reference in New Issue
Block a user