pam_dp9ik: init at 1.5
parent
17b5dc8705
commit
5f97e78c64
3 changed files with 61 additions and 0 deletions
|
@ -548,6 +548,9 @@ let
|
||||||
(let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth ''
|
(let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth ''
|
||||||
auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"}
|
auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"}
|
||||||
'') +
|
'') +
|
||||||
|
(let dp9ik = config.security.pam.dp9ik; in optionalString dp9ik.enable ''
|
||||||
|
auth ${dp9ik.control} ${pkgs.pam_dp9ik}/lib/security/pam_p9.so ${dp9ik.authserver}
|
||||||
|
'') +
|
||||||
optionalString cfg.fprintAuth ''
|
optionalString cfg.fprintAuth ''
|
||||||
auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
|
auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
|
||||||
'' +
|
'' +
|
||||||
|
@ -913,6 +916,32 @@ in
|
||||||
|
|
||||||
security.pam.enableOTPW = mkEnableOption (lib.mdDoc "the OTPW (one-time password) PAM module");
|
security.pam.enableOTPW = mkEnableOption (lib.mdDoc "the OTPW (one-time password) PAM module");
|
||||||
|
|
||||||
|
security.pam.dp9ik = {
|
||||||
|
enable = mkEnableOption (
|
||||||
|
lib.mdDoc ''
|
||||||
|
the dp9ik pam module provided by tlsclient.
|
||||||
|
|
||||||
|
If set, users can be authenticated against the 9front
|
||||||
|
authentication server given in {option}`security.pam.dp9ik.authserver`.
|
||||||
|
''
|
||||||
|
);
|
||||||
|
control = mkOption {
|
||||||
|
default = "sufficient";
|
||||||
|
type = types.str;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
This option sets the pam "control" used for this module.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
authserver = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = with types; nullOr string;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
This controls the hostname for the 9front authentication server
|
||||||
|
that users will be authenticated against.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
security.pam.krb5 = {
|
security.pam.krb5 = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
default = config.krb5.enable;
|
default = config.krb5.enable;
|
||||||
|
|
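Review bot: `authserver` is declared `nullOr string` with `default = null`, yet the `auth` line added in the first hunk interpolates `${dp9ik.authserver}` whenever `dp9ik.enable` is set, so enabling the module without a server should abort evaluation with a null-to-string coercion error instead of a message naming the option. Dropping the default and declaring `type = types.str;` (which also replaces the deprecated `types.string`) would turn the missing value into an ordinary "option is used but not defined" error. `control` is a free-form `types.str` written verbatim into the PAM stack; `type = types.enum [ "required" "requisite" "sufficient" "optional" ];` would reject typos at evaluation time. The `control` description should also say that the `sufficient` default lets a successful answer from the remote auth server satisfy the auth stack on its own. Both hunks sit inside larger expressions that start and end outside the visible lines.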
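--- a/pkgs/os-specific/linux/pam_dp9ik/default.nix
+++ b/pkgs/os-specific/linux/pam_dp9ik/default.nix
@@ -0,0 +1,30 @@
+{ lib
+, tlsclient
+, stdenv
+, pkg-config
+, pam
+}:
+
+stdenv.mkDerivation {
+inherit (tlsclient) src version enableParallelBuilding;
+
+pname = "pam_dp9ik";
+
+strictDeps = true;
+nativeBuildInputs = [ pkg-config ];
+buildInputs = [ pam ];
+
+makeFlags = [ "pam_p9.so" ];
+installPhase = ''
+install -Dm755 -t $out/lib/security/ pam_p9.so
+'';
+
+meta = with lib; {
+description = "dp9ik pam module";
+longDescription = "Uses tlsclient to authenticate users against a 9front auth server";
+homepage = "https://git.sr.ht/~moody/tlsclient";
+license = licenses.mit;
+maintainers = with maintainers; [ moody ];
+platforms = platforms.linux;
+};
+}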
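Review bot: The custom `installPhase` replaces the default phase without calling the install hooks, so any `preInstall`/`postInstall` added through an override is silently skipped; put `runHook preInstall` before and `runHook postInstall` after the `install` line. The `$out` path in that line is unquoted and would read better as `"$out/lib/security/"`. Since the output is a shared object that PAM loads into authentication processes, a comment above `inherit (tlsclient) src version enableParallelBuilding;` would help the next maintainer, e.g. `# built from the tlsclient tree; src and version track the tlsclient package`.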
|
@ -27957,6 +27957,8 @@ with pkgs;
|
||||||
|
|
||||||
pam_ccreds = callPackage ../os-specific/linux/pam_ccreds { };
|
pam_ccreds = callPackage ../os-specific/linux/pam_ccreds { };
|
||||||
|
|
||||||
|
pam_dp9ik = callPackage ../os-specific/linux/pam_dp9ik { };
|
||||||
|
|
||||||
pam_gnupg = callPackage ../os-specific/linux/pam_gnupg { };
|
pam_gnupg = callPackage ../os-specific/linux/pam_gnupg { };
|
||||||
|
|
||||||
pam_krb5 = callPackage ../os-specific/linux/pam_krb5 { };
|
pam_krb5 = callPackage ../os-specific/linux/pam_krb5 { };
|
||||||
|
|