Google Authenticator 2FA support over XRDP (#407736)

tjh.dev / nixpkgs

fork atom

nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

nix

fork atom

Google Authenticator 2FA support over XRDP (#407736)

authored by

Pol Dellaiera and committed by

GitHub 10 months ago a3e8ba32 ebb74b08

+19

1 changed file

expand all

nixos

modules

security

pam.nix

+19

nixos/modules/security/pam.nix

··· 249 249 to provide Google Authenticator token to log in. 250 250 ''; 251 251 }; 252 + allowNullOTP = lib.mkOption { 253 + type = lib.types.bool; 254 + default = false; 255 + description = '' 256 + Whether to allow login for accounts that have no OTP set 257 + (i.e., accounts with no OTP configured or no existing 258 + {file}`~/.google_authenticator`). 259 + ''; 260 + }; 261 + forwardPass = lib.mkOption { 262 + type = lib.types.bool; 263 + default = false; 264 + description = '' 265 + The authentication provides a single field requiring 266 + the user's password followed by the one-time password (OTP). 267 + ''; 268 + }; 252 269 }; 253 270 254 271 otpwAuth = lib.mkOption { ··· 1065 1048 modulePath = "${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so"; 1066 1049 settings = { 1067 1050 no_increment_hotp = true; 1051 + forward_pass = cfg.googleAuthenticator.forwardPass; 1052 + nullok = cfg.googleAuthenticator.allowNullOTP; 1068 1053 }; 1069 1054 } 1070 1055 {