Merge pull request #80896 from clkamp/pam-unix-add-nodelay

nixos/security/pam: Add nodelay option
This commit is contained in:
worldofpeace 2020-04-28 17:50:42 -04:00 committed by GitHub
commit a0ebabf60a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -219,6 +219,14 @@ let
''; '';
}; };
nodelay = mkOption {
default = false;
type = types.bool;
description = ''
Wheather the delay after typing a wrong password should be disabled.
'';
};
requireWheel = mkOption { requireWheel = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
@ -366,7 +374,7 @@ let
|| cfg.enableGnomeKeyring || cfg.enableGnomeKeyring
|| cfg.googleAuthenticator.enable || cfg.googleAuthenticator.enable
|| cfg.duoSecurity.enable)) '' || cfg.duoSecurity.enable)) ''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
${optionalString config.security.pam.enableEcryptfs ${optionalString config.security.pam.enableEcryptfs
"auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
${optionalString cfg.pamMount ${optionalString cfg.pamMount
@ -382,7 +390,7 @@ let
"auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"} "auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"}
'') + '' '') + ''
${optionalString cfg.unixAuth ${optionalString cfg.unixAuth
"auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"} "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth try_first_pass"}
${optionalString cfg.otpwAuth ${optionalString cfg.otpwAuth
"auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"} "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString use_ldap ${optionalString use_ldap