diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index ce18af9fbc95..a80312367d85 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -611,7 +611,6 @@ let session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so '' + optionalString cfg.pamMount '' - session [success=1 default=ignore] ${pkgs.pam}/lib/security/pam_succeed_if.so service = systemd-user quiet session optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive '' + optionalString use_ldap '' diff --git a/nixos/modules/system/boot/systemd/user.nix b/nixos/modules/system/boot/systemd/user.nix index 0b1e6277c2f5..edfff5abaa9e 100644 --- a/nixos/modules/system/boot/systemd/user.nix +++ b/nixos/modules/system/boot/systemd/user.nix @@ -145,6 +145,10 @@ in { { # Ensure that pam_systemd gets included. This is special-cased # in systemd to provide XDG_RUNTIME_DIR. startSession = true; + # Disable pam_mount in systemd-user to prevent it from being called + # multiple times during login, because it will prevent pam_mount from + # unmounting the previously mounted volumes. + pamMount = false; }; # Some overrides to upstream units.