Google Authenticator 2FA support over XRDP (#407736)

authored by Pol Dellaiera and committed by GitHub a3e8ba32 ebb74b08

+19
+19
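--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -249,6 +249,23 @@
 to provide Google Authenticator token to log in.
 '';
 };
+allowNullOTP = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = ''
+Whether to allow login for accounts that have no OTP set
+(i.e., accounts with no OTP configured or no existing
+{file}`~/.google_authenticator`).
+'';
+};
+forwardPass = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = ''
+The authentication provides a single field requiring
+the user's password followed by the one-time password (OTP).
+'';
+};
 };
 
 otpwAuth = lib.mkOption {
@@ -1048,6 +1065,8 @@
 modulePath = "${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so";
 settings = {
 no_increment_hotp = true;
+forward_pass = cfg.googleAuthenticator.forwardPass;
+nullok = cfg.googleAuthenticator.allowNullOTP;
 };
 }
 {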
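Review bot: The `allowNullOTP` description (new lines 255–259) does not say that enabling it makes the second factor opt-in per account. With `nullok` set, an account that has no `~/.google_authenticator` authenticates on its remaining factors alone, so a leaked password for an unenrolled user is sufficient to log in. I would append a sentence to the description such as `Enabling this makes 2FA opt-in: accounts without a secret file log in without an OTP.` and keep the default of `false`. The `forwardPass` description (new lines 264–267) should open with `Whether to` like its sibling. It should also state that the password part is handed to the next module in the stack. Whether that module is ordered after this rule and reuses the forwarded token cannot be seen from this hunk and is worth confirming.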