l usershadow: add setuid wrapper for check_pw

lassulus 2019-04-13 14:49:48 +02:00
parent d03c70bb86
commit ec4b7f30f5


@ -31,13 +31,20 @@
session required pam_loginuid.so
'';
security.pam.services.dovecot2.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
security.pam.services.dovecot2 = {
text = ''
auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
security.wrappers.shadow_verify_pam = {
source = "${usershadow}/bin/verify_pam";
owner = "root";
};
};
usershadow = let {
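Review bot: The new dovecot2 `auth` line still carries debugging leftovers: `debug` and `log=/tmp/lol` make pam_exec write the helper's output to a fixed file name in a world-writable directory, while `expose_authtok` passes it the user's password. A predictable path in /tmp can be pre-created or symlinked by any local account and may end up holding authentication details, so I would drop both options or log to a root-owned directory: `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`. The `security.wrappers.shadow_verify_pam` entry sets only `source` and `owner`, so unless the wrapper defaults are tighter than I assume, every local user can run verify_pam as root with their own argument and stdin. Setting `group` to the group dovecot's auth process runs under, together with `permissions = "u+rx,g+x";`, would limit it to that caller. The enclosing attribute set starts above the hunk and `usershadow` continues below it, so verify_pam itself is not visible here.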