summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-01-22 17:48:27 +0100
committerlassulus <lass@lassul.us>2017-01-22 17:48:27 +0100
commita5134ea9ec5c0ac67761141c4f3ecd871ac3e9ad (patch)
treea57ebcab8c19217993cd51ad05476c7afbb55a5e /lass
parente509fd2de8171d80c11760c0e3a531c596e5ccf7 (diff)
l 3 usershadow: user passwd passwords for sshd
Diffstat (limited to 'lass')
-rw-r--r--lass/3modules/usershadow.nix7
1 files changed, 5 insertions, 2 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index c0be053ab..fc9e63e31 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -22,10 +22,13 @@
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
account required pam_permit.so
+ auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+ auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+ auth sufficient pam_unix.so likeauth try_first_pass
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_permit.so
+ session required pam_loginuid.so
'';
security.pam.services.dovecot2.text = ''