From 0cba9735c59dafa5335238028aa3a07e5f8a6fa5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 25 Apr 2019 21:22:23 +0200 Subject: Revert "l 3 usershadow: user passwd passwords for sshd" This reverts commit a5134ea9ec5c0ac67761141c4f3ecd871ac3e9ad. --- lass/3modules/usershadow.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'lass/3modules') diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 51da2ec93..6b8ae9d26 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -22,13 +22,10 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' + auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth required pam_permit.so account required pam_permit.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth sufficient pam_unix.so likeauth try_first_pass - session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_permit.so - session required pam_loginuid.so ''; security.pam.services.dovecot2 = { -- cgit v1.2.3 From 1acb5f9fd895fd8b241197ef309f9cc09c211719 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Apr 2019 17:25:16 +0200 Subject: l usershadow: use wrappers for ssh login --- lass/3modules/usershadow.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/3modules') diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 6b8ae9d26..c3d4de84d 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -22,7 +22,7 @@ environment.systemPackages = [ usershadow ]; lass.usershadow.path = "${usershadow}"; security.pam.services.sshd.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} auth required pam_permit.so account required pam_permit.so session required pam_permit.so @@ -30,7 +30,7 @@ security.pam.services.dovecot2 = { text = '' - auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} auth required pam_permit.so account required pam_permit.so session required pam_permit.so -- cgit v1.2.3