3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

47 commits

Author SHA1 Message Date
Thomas Tuegel 8eb4d2afbc
Remove top-level kde5 attribute
- There is no such thing as KDE 5
2017-02-27 11:49:10 -06:00
Benjamin Staffin 463e90273f pam: add optional pam_kwallet5 integration 2017-02-16 02:26:42 -05:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen 96d767de62
pam_oath: require OATH and pam_unix credentials to be valid 2017-02-12 18:27:11 -05:00
Parnell Springmeyer 264db4e309
Set merge + mkIf always surprises me 2017-01-29 17:10:32 -06:00
Parnell Springmeyer cfe4351c33
I'm clearly very tired 2017-01-29 05:39:54 -06:00
Parnell Springmeyer 1cc500ea8e
Syntax wibble 2017-01-29 05:34:50 -06:00
Parnell Springmeyer 628e6a83d0
More derp 2017-01-29 05:33:56 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Alexander Kahl 61d125b842 sssd: init at 1.14.2
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0

Switch nscd to no-caching mode if SSSD is enabled.

abbradar: disable jade parallel building.

Closes 
2017-01-04 03:07:20 +03:00
Eric Sagnes fff4a9ee01 pam module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Eelco Dolstra 98102ebd92 Enable the runuser command from util-linux
Fixes .
2016-09-06 17:23:27 +02:00
Parnell Springmeyer 98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Parnell Springmeyer 390ab0b3ef everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-09-01 19:17:43 -05:00
Markus Mueller e04c3506eb ldap: Add option for login PAM integration 2016-08-23 21:12:51 +02:00
Rok Garbas 03b115f8e0 nixos/i3lock-color: added to pam 2016-05-15 07:47:31 +02:00
Michael Raitza d09c7986de config.security.oath: new module
Add a module to make options to pam_oath module configurable.
These are:
 - enable - enable the OATH pam module
 - window - number of OTPs to check
 - digits - length of the OTP (adds support for two-factor auth)
 - usersFile - filename to store OATH credentials in
2016-02-25 13:52:45 +00:00
obadz a05a340e26 PAM: reorganize the way pam_ecryptfs and pam_mount get their password
Run pam_unix an additional time rather than switching it from sufficient
to required. This fixes a potential security issue for
ecryptfs/pam_mount users as with pam_deny gone, if cfg.unixAuth = False
then it is possible to login without a password.
2015-11-21 21:10:40 +00:00
Jan Malakhovski 6eadb16022 nixos: fix some types 2015-09-18 18:48:50 +00:00
Jaka Hudoklin c7bb64cb97 Merge pull request from joachifm/apparmor-pam
nixos: add AppArmor PAM support
2015-08-29 18:59:53 +02:00
obadz 172522e153 ecryptfs:
- upgrade 106 -> 108
- fix passphrase rewrapper (password changing should now work fine) as
  discussed on https://bugs.launchpad.net/ecryptfs/+bug/1486470
- add lsof dependency so ecryptfs-migrate-home should work out of the
  box
2015-08-19 12:16:57 +01:00
Joachim Fasting 2e0933787b nixos: add AppArmor PAM support
Enables attaching AppArmor profiles at the user/group level.

This is not intended to be used directly, but as part of a
role-based access control scheme. For now, profile attachment
is 'session optional', but should be changed to 'required' once
a more comprehensive solution is in place.
2015-07-15 12:40:06 +02:00
Thomas Strobel 7b6f279142 pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
Philip Potter 2216728979 add support for pam_u2f to nixos pam module
This adds support for authenticating using a U2F device such as a
yubikey neo.
2015-05-03 19:22:00 +01:00
Shea Levy 1d62ad4746 modules.nix: Generate the extra argument set from the configuration
This allows for module arguments to be handled modularly, in particular
allowing the nixpkgs module to handle the nixpkgs import internally.
This creates the __internal option namespace, which should only be added
to by the module system itself.
2015-03-12 23:42:57 +01:00
obadz e5d4624420 PAM/eCryptfs now able to mount ecryptfs'd home directories on login 2015-03-08 16:03:51 -07:00
Lluís Batlle i Rossell b26e939111 fix pam (OATH related)
the pam config was wrong.

Issue 
2015-02-24 17:52:41 +01:00
Lluís Batlle i Rossell 4e99901961 nixos: Adding OATH in pam.
(cherry picked from commit cb3cba54a1)

Conflicts:
	nixos/modules/security/pam.nix
2015-02-22 15:25:38 +01:00
Luca Bruno 804a958663 pam: add pam_wheel 2015-01-14 18:32:08 +01:00
Nikolay Amiantov a164a0b4c5 nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
Michael Raskin 419031bcfc Merge pull request from lethalman/pam_tally
pam: Add logFailures option for adding pam_tally to su
2014-09-02 00:58:30 +04:00
Jan Malakhovski 8f50d803ef nixos: add support for mkhomedir in PAM 2014-09-01 10:33:48 +04:00
Jaka Hudoklin 16f801cba9 nixos/pam: make pam_loginuid optional if in container 2014-06-30 11:08:39 +02:00
Eelco Dolstra 8ae659f16c Revert "Revert "Merge : Use pam_env to properly setup system-wide env""
This reverts commit 491c088731.
2014-06-10 13:07:10 +02:00
Eelco Dolstra 491c088731 Revert "Merge : Use pam_env to properly setup system-wide env"
This reverts commit 18a0cdd864.
2014-06-10 13:03:44 +02:00
Vladimír Čunát 18a0cdd864 Merge : Use pam_env to properly setup system-wide env 2014-06-10 11:42:59 +02:00
Luca Bruno 1d5d7fdee2 pam: Add logFailures option for adding pam_tally to su 2014-05-14 17:54:21 +02:00
Eelco Dolstra 5378da25a0 Apply pam_loginuid before pam_systemd
As recommended by the pam_systemd manpage.
2014-04-17 11:35:18 +02:00
Eelco Dolstra 29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra 408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00
Eelco Dolstra 862e3dd977 Substitute "types.uniq types.string" -> "types.str" 2013-10-30 14:57:42 +01:00
Eelco Dolstra ff74d78c9d Allow PAM resource limits to be integers 2013-10-17 15:36:59 +02:00
Eelco Dolstra af8fc748dd Fix PAM resource limits 2013-10-17 15:26:48 +02:00
Eelco Dolstra ae74b0ae58 sshd: Remove the usePAM option
Sshd *must* use PAM because we depend on it for proper session
management.  The original goal of this option (disabling password
logins) can also be implemented by removing pam_auth authentication
from sshd's PAM service.
2013-10-15 15:05:49 +02:00
Eelco Dolstra a2c820c678 Turn security.pam.services into an attribute set
That is, you can say

  security.pam.services.sshd = { options... };

instead of

  security.pam.services = [ { name = "sshd"; options... } ];

making it easier to override PAM settings from other modules.
2013-10-15 14:47:51 +02:00
Eelco Dolstra 5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
Renamed from modules/security/pam.nix (Browse further)