5b8439f966
Adds easily overrideable settings for the most common PAM argument styles. These are: - Flag (e.g. "use_first_pass"): rendered for true boolean values. false values are ignored. - Key-value (e.g. "action=validate"): rendered for non-null, non-boolean values. Most PAM arguments can be configured this way. Others can still be configured with the 'args' option.
26 lines
533 B
Nix
26 lines
533 B
Nix
import ../make-test-python.nix ({ ... }:
|
|
|
|
{
|
|
name = "pam-u2f";
|
|
|
|
nodes.machine =
|
|
{ ... }:
|
|
{
|
|
security.pam.u2f = {
|
|
control = "required";
|
|
cue = true;
|
|
debug = true;
|
|
enable = true;
|
|
interactive = true;
|
|
origin = "nixos-test";
|
|
};
|
|
};
|
|
|
|
testScript =
|
|
''
|
|
machine.wait_for_unit("multi-user.target")
|
|
machine.succeed(
|
|
'egrep "auth required .*/lib/security/pam_u2f.so.*cue.*debug.*interactive.*origin=nixos-test" /etc/pam.d/ -R'
|
|
)
|
|
'';
|
|
})
|