|
|
|
@ -492,7 +492,7 @@ let |
|
|
|
|
auth ${ussh.control} ${pkgs.pam_ussh}/lib/security/pam_ussh.so ${optionalString (ussh.caFile != null) "ca_file=${ussh.caFile}"} ${optionalString (ussh.authorizedPrincipals != null) "authorized_principals=${ussh.authorizedPrincipals}"} ${optionalString (ussh.authorizedPrincipalsFile != null) "authorized_principals_file=${ussh.authorizedPrincipalsFile}"} ${optionalString (ussh.group != null) "group=${ussh.group}"} |
|
|
|
|
'') + |
|
|
|
|
(let oath = config.security.pam.oath; in optionalString cfg.oathAuth '' |
|
|
|
|
auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} |
|
|
|
|
auth requisite ${pkgs.oath-toolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} |
|
|
|
|
'') + |
|
|
|
|
(let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth '' |
|
|
|
|
auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"} |
|
|
|
@ -1131,7 +1131,7 @@ in |
|
|
|
|
++ optional config.services.sssd.enable pkgs.sssd |
|
|
|
|
++ optionals config.krb5.enable [pam_krb5 pam_ccreds] |
|
|
|
|
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] |
|
|
|
|
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ] |
|
|
|
|
++ optionals config.security.pam.oath.enable [ pkgs.oath-toolkit ] |
|
|
|
|
++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ] |
|
|
|
|
++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ]; |
|
|
|
|
|
|
|
|
@ -1221,7 +1221,7 @@ in |
|
|
|
|
mr ${pkgs.pam_ussh}/lib/security/pam_ussh.so, |
|
|
|
|
'' + |
|
|
|
|
optionalString (isEnabled (cfg: cfg.oathAuth)) '' |
|
|
|
|
"mr ${pkgs.oathToolkit}/lib/security/pam_oath.so, |
|
|
|
|
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so, |
|
|
|
|
'' + |
|
|
|
|
optionalString (isEnabled (cfg: cfg.yubicoAuth)) '' |
|
|
|
|
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so, |
|
|
|
|
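Review bot: The oathAuth AppArmor rule in the third hunk still carries a stray leading double quote on the new side, `"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,`, while the neighbouring pam_ussh and pam_yubico rules begin with a bare `mr`. Since the commit rewrites this line anyway, it should read `mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,`. With the unbalanced quote the generated profile fragment presumably either fails to parse or does not grant map/read access to the module, so pam_oath may be unusable for confined services that enable oathAuth. That is worth confirming against a built profile. The enclosing string concatenation begins and ends outside the hunk.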