Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2017-01-25 23:23:29 +0100
committer: makefu <github@syntax-fehler.de> 2017-01-25 23:23:29 +0100
commit: bf405736962fd20df738f84665e5fc7f8d74e72d (patch)
tree: ae01054fe88089d6476b3c1b1952066fd6c79092 /lass/3modules/usershadow.nix
parent: 7e1bd2729e11e5c63749c69093359de0bb3329b2 (diff)
parent: 89c5b22129d3cb875d16a3171a4e3ab3bee9cb0a (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index c0be053ab..fc9e63e31 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -22,10 +22,13 @@
     environment.systemPackages = [ usershadow ];
     lass.usershadow.path = "${usershadow}";
     security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
-      auth required pam_permit.so
       account required pam_permit.so
+      auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+      auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+      auth sufficient pam_unix.so likeauth try_first_pass
+      session required pam_env.so envfile=${config.system.build.pamEnvironment}
       session required pam_permit.so
+      session required pam_loginuid.so
     '';
 
     security.pam.services.dovecot2.text = ''
author	makefu <github@syntax-fehler.de>	2017-01-25 23:23:29 +0100
committer	makefu <github@syntax-fehler.de>	2017-01-25 23:23:29 +0100
commit	bf405736962fd20df738f84665e5fc7f8d74e72d (patch)
tree	ae01054fe88089d6476b3c1b1952066fd6c79092 /lass/3modules/usershadow.nix
parent	7e1bd2729e11e5c63749c69093359de0bb3329b2 (diff)
parent	89c5b22129d3cb875d16a3171a4e3ab3bee9cb0a (diff)