Commit graph

11 commits

Author SHA1 Message Date
Geoffrey Huntley
a88ec5e8a5 duosec: use root uid as sshd uid has been retired (#33597)
* fix: use root uid as sshd uid has been retired

fixes https://github.com/NixOS/nixpkgs/issues/10088
related PR (abandoned) at https://github.com/NixOS/nixpkgs/pull/15391

* must use "sshd" user otherwise duosec does not work in multi user mode

see https://github.com/duosecurity/duo_unix/issues/89#issuecomment-272062632
2018-03-21 18:46:35 -05:00
Parnell Springmeyer
628e6a83d0
More derp 2017-01-29 05:33:56 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Eric Sagnes
9513ab45aa duosec module: use enum 2016-11-16 22:36:05 +09:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Parnell Springmeyer
390ab0b3ef everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-09-01 19:17:43 -05:00
Tobias Geerinckx-Rice
c64257b8e5 Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
Austin Seipp
e31f212f6b nixos/duosec: Add an option to allow TCP forwarding
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-20 02:42:38 -05:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Austin Seipp
29d46452dd nixos: add Duo Security module
This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.

The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).

Enabling it is as easy as saying:

  security.duosec.ssh.enable = true;
  security.duosec.ikey       = "XXXXXXXX...";
  security.duosec.skey       = "XXXXXXXX...";
  security.duosec.host       = "api-XXXXXXX.duosecurity.com";
  security.duosec.group      = "duosec";

which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.

This requires uid/gid support in the environment.etc module.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:11:50 -05:00