|
|
|
@ -366,7 +366,7 @@ let |
|
|
|
|
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth |
|
|
|
|
"auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"} |
|
|
|
|
${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth |
|
|
|
|
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"} |
|
|
|
|
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"} ${optionalString (u2f.appId != null) "appid=${u2f.appId}"}"} |
|
|
|
|
${optionalString cfg.usbAuth |
|
|
|
|
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"} |
|
|
|
|
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth |
|
|
|
@ -653,6 +653,22 @@ in |
|
|
|
|
xlink:href="https://developers.yubico.com/pam-u2f/">here</link>. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
appId = mkOption { |
|
|
|
|
default = null; |
|
|
|
|
type = with types; nullOr str; |
|
|
|
|
description = '' |
|
|
|
|
By default <literal>pam-u2f</literal> module sets the application |
|
|
|
|
ID to <literal>pam://$HOSTNAME</literal>. |
|
|
|
|
|
|
|
|
|
When using <command>pamu2fcfg</command>, you can specify your |
|
|
|
|
application ID with the <literal>-i</literal> flag. |
|
|
|
|
|
|
|
|
|
More information can be found <link |
|
|
|
|
xlink:href="https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html"> |
|
|
|
|
here</link> |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
control = mkOption { |
|
|
|
|
default = "sufficient"; |
|
|
|
|
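Review bot: In the first hunk the new `appid=${u2f.appId}` fragment is spliced into the `auth` line unquoted while the option is typed `nullOr str`, so a value containing whitespace would reach PAM as several separate module arguments instead of failing at evaluation time. Consider tightening the type, for example `type = with types; nullOr (strMatching "[^[:space:]]+");` (the exact pattern should be confirmed against what pam_u2f accepts as an application ID). The description in the second hunk should also state that the value must equal the one passed to `pamu2fcfg -i` when the keys were registered. Registrations made under the default `pam://$HOSTNAME` will presumably stop matching once `appId` is set, and with `control` defaulting to `sufficient` that mismatch falls through to the next auth module rather than surfacing as an error. The sentence ending in `here</link>` is also missing its final period, and both the `let` block and the option set continue outside the hunks shown.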