From a5134ea9ec5c0ac67761141c4f3ecd871ac3e9ad Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 22 Jan 2017 17:48:27 +0100
Subject: l 3 usershadow: user passwd passwords for sshd

---
 lass/3modules/usershadow.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lass/3modules/usershadow.nix')

diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index c0be053a..fc9e63e3 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -22,10 +22,13 @@
     environment.systemPackages = [ usershadow ];
     lass.usershadow.path = "${usershadow}";
     security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
-      auth required pam_permit.so
       account required pam_permit.so
+      auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+      auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+      auth sufficient pam_unix.so likeauth try_first_pass
+      session required pam_env.so envfile=${config.system.build.pamEnvironment}
       session required pam_permit.so
+      session required pam_loginuid.so
     '';
 
     security.pam.services.dovecot2.text = ''
-- 
cgit v1.2.3