diff options
Diffstat (limited to 'lass/3modules/usershadow.nix')
-rw-r--r-- | lass/3modules/usershadow.nix | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index cb289096..c3d4de84 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -22,22 +22,30 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - account required pam_permit.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth sufficient pam_unix.so likeauth try_first_pass - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_permit.so - session required pam_loginuid.so - ''; - - security.pam.services.dovecot2.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} auth required pam_permit.so account required pam_permit.so session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} ''; + + security.pam.services.dovecot2 = { + text = '' + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''; + }; + + security.wrappers.shadow_verify_pam = { + source = "${usershadow}/bin/verify_pam"; + owner = "root"; + }; + security.wrappers.shadow_verify_arg = { + source = "${usershadow}/bin/verify_arg"; + owner = "root"; + }; }; usershadow = let { @@ -46,10 +54,13 @@ "bytestring" ]; body = pkgs.writeHaskellPackage "passwords" { + ghc-options = [ + "-rtsopts" + "-Wall" + ]; executables.verify_pam = { extra-depends = deps; text = '' - import Data.Monoid import System.IO import Data.Char (chr) import System.Environment (getEnv, getArgs) @@ -72,7 +83,6 @@ executables.verify_arg = { extra-depends = deps; text = '' - import Data.Monoid import System.Environment (getArgs) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 |