diff options
| author | Lassulus <github@lassul.us> | 2022-08-21 20:57:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-21 20:57:17 +0200 |
| commit | f95d0b966e1ecf35a8feaebe506dc417956fb7cb (patch) | |
| tree | 60fc433f5071ccea4b0e332cf5a2263552c3d208 /nixos/modules/security/pam.nix | |
| parent | 9e0494b3d1a8d9a8d4d3b8d0eea20cff32cb610e (diff) | |
| parent | 305b633423fce2fc4848bcf9e45379ef51eb738c (diff) | |
Merge pull request #173495 from wucke13/pam-fix
Diffstat (limited to 'nixos/modules/security/pam.nix')
| -rw-r--r-- | nixos/modules/security/pam.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 94b59c83d4a73..c30cbd23e2971 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -521,7 +521,7 @@ let # Modules in this block require having the password set in PAM_AUTHTOK. # pam_unix is marked as 'sufficient' on NixOS which means nothing will run # after it succeeds. Certain modules need to run after pam_unix - # prompts the user for password so we run it once with 'required' at an + # prompts the user for password so we run it once with 'optional' at an # earlier point and it will run again with 'sufficient' further down. # We use try_first_pass the second time to avoid prompting password twice (optionalString (cfg.unixAuth && @@ -534,7 +534,7 @@ let || cfg.duoSecurity.enable)) ( '' - auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth + auth optional pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth '' + optionalString config.security.pam.enableEcryptfs '' auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap |