pyrox.dev
Google Authenticator 2FA support over XRDP (#407736)
authored by Pol Dellaiera and committed by GitHub a3e8ba32 ebb74b08
+19
nixos/modules/security/pam.nix
+19
nixos/modules/security/pam.nix
···
249
249
to provide Google Authenticator token to log in.
250
250
'';
251
251
};
252
+
allowNullOTP = lib.mkOption {
253
+
type = lib.types.bool;
254
+
default = false;
255
+
description = ''
256
+
Whether to allow login for accounts that have no OTP set
257
+
(i.e., accounts with no OTP configured or no existing
258
+
{file}`~/.google_authenticator`).
259
+
'';
260
+
};
261
+
forwardPass = lib.mkOption {
262
+
type = lib.types.bool;
263
+
default = false;
264
+
description = ''
265
+
The authentication provides a single field requiring
266
+
the user's password followed by the one-time password (OTP).
267
+
'';
268
+
};
252
269
};
253
270
254
271
otpwAuth = lib.mkOption {
···
1048
1065
modulePath = "${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so";
1049
1066
settings = {
1050
1067
no_increment_hotp = true;
1068
+
forward_pass = cfg.googleAuthenticator.forwardPass;
1069
+
nullok = cfg.googleAuthenticator.allowNullOTP;
1051
1070
};
1052
1071
}
1053
1072
{