|
|
|
@ -476,7 +476,7 @@ let |
|
|
|
|
auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so |
|
|
|
|
'' + |
|
|
|
|
(let oath = config.security.pam.oath; in optionalString cfg.oathAuth '' |
|
|
|
|
auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} |
|
|
|
|
auth requisite ${pkgs.oath-toolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} |
|
|
|
|
'') + |
|
|
|
|
(let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth '' |
|
|
|
|
auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"} |
|
|
|
@ -1024,7 +1024,7 @@ in |
|
|
|
|
++ optional config.services.sssd.enable pkgs.sssd |
|
|
|
|
++ optionals config.krb5.enable [pam_krb5 pam_ccreds] |
|
|
|
|
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] |
|
|
|
|
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ] |
|
|
|
|
++ optionals config.security.pam.oath.enable [ pkgs.oath-toolkit ] |
|
|
|
|
++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ] |
|
|
|
|
++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ]; |
|
|
|
|
|
|
|
|
@ -1111,7 +1111,7 @@ in |
|
|
|
|
mr ${pkgs.pam_usb}/lib/security/pam_usb.so, |
|
|
|
|
'' + |
|
|
|
|
optionalString (isEnabled (cfg: cfg.oathAuth)) '' |
|
|
|
|
"mr ${pkgs.oathToolkit}/lib/security/pam_oath.so, |
|
|
|
|
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so, |
|
|
|
|
'' + |
|
|
|
|
optionalString (isEnabled (cfg: cfg.yubicoAuth)) '' |
|
|
|
|
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so, |
|
|
|
|