diff options
author | lassulus <lass@lassul.us> | 2017-01-22 17:48:27 +0100 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-01-22 17:48:27 +0100 |
commit | a5134ea9ec5c0ac67761141c4f3ecd871ac3e9ad (patch) | |
tree | a57ebcab8c19217993cd51ad05476c7afbb55a5e /lass | |
parent | e509fd2de8171d80c11760c0e3a531c596e5ccf7 (diff) |
l 3 usershadow: user passwd passwords for sshd
Diffstat (limited to 'lass')
-rw-r--r-- | lass/3modules/usershadow.nix | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index c0be053ab..fc9e63e31 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -22,10 +22,13 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so account required pam_permit.so + auth required pam_env.so envfile=${config.system.build.pamEnvironment} + auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth sufficient pam_unix.so likeauth try_first_pass + session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_permit.so + session required pam_loginuid.so ''; security.pam.services.dovecot2.text = '' |