l 3 usershadow: user passwd passwords for sshd

2017-01-22 17:48:27 +01:00 · 2017-01-22 17:48:27 +01:00 · a5134ea9ec
commit a5134ea9ec
parent e509fd2de8
1 changed files with 5 additions and 2 deletions
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@ -22,10 +22,13 @@
    environment.systemPackages = [ usershadow ];
    lass.usershadow.path = "${usershadow}";
    security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
-      auth required pam_permit.so
      account required pam_permit.so
+      auth required pam_env.so envfile=${config.system.build.pamEnvironment}
+      auth sufficient pam_exec.so quiet expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
+      auth sufficient pam_unix.so likeauth try_first_pass
+      session required pam_env.so envfile=${config.system.build.pamEnvironment}
      session required pam_permit.so
+      session required pam_loginuid.so
    '';

    security.pam.services.dovecot2.text = ''