nixos/pam: refactor U2F, docs about u2f_keys path (#54756)

* change enableU2F option to u2f.* set * add few u2f options (not all) to customize pam-u2f module * document default u2f_keys locations Co-authored-by: Tomasz Czyż <tomasz.czyz@gmail.com> Co-authored-by: Arda Xi <arda@ardaxi.com>
author: Wael Nasreddine <wael.nasreddine@gmail.com> 2019-01-29 08:45:26 -0800
committer: GitHub <noreply@github.com> 2019-01-29 08:45:26 -0800
commit: f072cfe1ebff79efaa409258a38646a62c94dbff (patch)
tree: 2fdaa0a89f69ca153e22d3aa0d5def8792e06456 /nixos/tests/pam-u2f.nix
parent: 74d1850c0e70404ed697397051fb8865fa002ff8 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/nixos/tests/pam-u2f.nix b/nixos/tests/pam-u2f.nix
new file mode 100644
index 0000000000000..1052a2f3b916e
--- /dev/null
+++ b/nixos/tests/pam-u2f.nix
@@ -0,0 +1,23 @@
+import ./make-test.nix ({ ... }:
+
+{
+  name = "pam-u2f";
+
+  machine =
+    { ... }:
+    {
+      security.pam.u2f = {
+        control = "required";
+        cue = true;
+        debug = true;
+        enable = true;
+        interactive = true;
+      };
+    };
+
+  testScript =
+    ''
+      $machine->waitForUnit('multi-user.target');
+      $machine->succeed('egrep "auth required .*/lib/security/pam_u2f.so.*debug.*interactive.*cue" /etc/pam.d/ -R');
+    '';
+})
author	Wael Nasreddine <wael.nasreddine@gmail.com>	2019-01-29 08:45:26 -0800
committer	GitHub <noreply@github.com>	2019-01-29 08:45:26 -0800
commit	f072cfe1ebff79efaa409258a38646a62c94dbff (patch)
tree	2fdaa0a89f69ca153e22d3aa0d5def8792e06456 /nixos/tests/pam-u2f.nix
parent	74d1850c0e70404ed697397051fb8865fa002ff8 (diff)