Merge pull request #30686 from gnidorah/keyring

pam: add optional pam_gnome_keyring integration

authored by

Jörg Thalheim and committed by
GitHub
310ad434 90576828

+16 -1
+16 -1
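--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -223,6 +223,17 @@
 '';
 };
 
+enableGnomeKeyring = mkOption {
+default = false;
+type = types.bool;
+description = ''
+If enabled, pam_gnome_keyring will attempt to automatically unlock the
+user's default Gnome keyring upon login. If the user login password does
+not match their keyring password, Gnome Keyring will prompt separately
+after login.
+'';
+};
+
 text = mkOption {
 type = types.nullOr types.lines;
 description = "Contents of the PAM service file.";
@@ -273,7 +284,7 @@
 # prompts the user for password so we run it once with 'required' at an
 # earlier point and it will run again with 'sufficient' further down.
 # We use try_first_pass the second time to avoid prompting password twice
-(optionalString (cfg.unixAuth && (config.security.pam.enableEcryptfs || cfg.pamMount || cfg.enableKwallet)) ''
+(optionalString (cfg.unixAuth && (config.security.pam.enableEcryptfs || cfg.pamMount || cfg.enableKwallet || cfg.enableGnomeKeyring)) ''
 auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
 ${optionalString config.security.pam.enableEcryptfs
 "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@@ -282,6 +293,8 @@
 ${optionalString cfg.enableKwallet
 ("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
 " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
+${optionalString cfg.enableGnomeKeyring
+("auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so")}
 '') + ''
 ${optionalString cfg.unixAuth
 "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
@@ -351,6 +364,8 @@
 ${optionalString (cfg.enableKwallet)
 ("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
 " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
+${optionalString (cfg.enableGnomeKeyring)
+"session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start"}
 ${optionalString (config.virtualisation.lxc.lxcfs.enable)
 "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
 '');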
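Review bot: The keyring module is wired into the `auth` and `session` stacks only, and none of the hunks shown here touch the `password` stack, so a login-password change made through PAM would presumably leave the keyring encrypted under the old password and auto-unlock would stop working. If that is not handled elsewhere in the file, consider adding `password optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so use_authtok` under `optionalString cfg.enableGnomeKeyring` in the password section. The option description could also say that the module is handed the login password, so the keyring is only as strong as that password and the option is best limited to interactive login services. The service text these hunks modify begins and ends outside the visible lines.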