Commit graph

23 commits

Author SHA1 Message Date
Philip Potter
2216728979 add support for pam_u2f to nixos pam module
This adds support for authenticating using a U2F device such as a
yubikey neo.
2015-05-03 19:22:00 +01:00
Shea Levy
1d62ad4746 modules.nix: Generate the extra argument set from the configuration
This allows for module arguments to be handled modularly, in particular
allowing the nixpkgs module to handle the nixpkgs import internally.
This creates the __internal option namespace, which should only be added
to by the module system itself.
2015-03-12 23:42:57 +01:00
obadz
e5d4624420 PAM/eCryptfs now able to mount ecryptfs'd home directories on login 2015-03-08 16:03:51 -07:00
Lluís Batlle i Rossell
b26e939111 fix pam (OATH related)
the pam config was wrong.

Issue #6551
2015-02-24 17:52:41 +01:00
Lluís Batlle i Rossell
4e99901961 nixos: Adding OATH in pam.
(cherry picked from commit cb3cba54a1b87c376d0801238cb827eadb18e39e)

Conflicts:
	nixos/modules/security/pam.nix
2015-02-22 15:25:38 +01:00
Luca Bruno
804a958663 pam: add pam_wheel 2015-01-14 18:32:08 +01:00
Nikolay Amiantov
a164a0b4c5 nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
Michael Raskin
419031bcfc Merge pull request #2644 from lethalman/pam_tally
pam: Add logFailures option for adding pam_tally to su
2014-09-02 00:58:30 +04:00
Jan Malakhovski
8f50d803ef nixos: add support for mkhomedir in PAM 2014-09-01 10:33:48 +04:00
Jaka Hudoklin
16f801cba9 nixos/pam: make pam_loginuid optional if in container 2014-06-30 11:08:39 +02:00
Eelco Dolstra
8ae659f16c Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env""
This reverts commit 491c088731.
2014-06-10 13:07:10 +02:00
Eelco Dolstra
491c088731 Revert "Merge #2692: Use pam_env to properly setup system-wide env"
This reverts commit 18a0cdd864.
2014-06-10 13:03:44 +02:00
Vladimír Čunát
18a0cdd864 Merge #2692: Use pam_env to properly setup system-wide env 2014-06-10 11:42:59 +02:00
Luca Bruno
1d5d7fdee2 pam: Add logFailures option for adding pam_tally to su 2014-05-14 17:54:21 +02:00
Eelco Dolstra
5378da25a0 Apply pam_loginuid before pam_systemd
As recommended by the pam_systemd manpage.
2014-04-17 11:35:18 +02:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00
Eelco Dolstra
862e3dd977 Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
Eelco Dolstra
ff74d78c9d Allow PAM resource limits to be integers 2013-10-17 15:36:59 +02:00
Eelco Dolstra
af8fc748dd Fix PAM resource limits 2013-10-17 15:26:48 +02:00
Eelco Dolstra
ae74b0ae58 sshd: Remove the usePAM option
Sshd *must* use PAM because we depend on it for proper session
management.  The original goal of this option (disabling password
logins) can also be implemented by removing pam_auth authentication
from sshd's PAM service.
2013-10-15 15:05:49 +02:00
Eelco Dolstra
a2c820c678 Turn security.pam.services into an attribute set
That is, you can say

  security.pam.services.sshd = { options... };

instead of

  security.pam.services = [ { name = "sshd"; options... } ];

making it easier to override PAM settings from other modules.
2013-10-15 14:47:51 +02:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
Renamed from modules/security/pam.nix (Browse further)