authorRaito Bezarius <masterancpp@gmail.com>2023-10-30 15:37:56 +0100
committerRaito Bezarius <masterancpp@gmail.com>2024-02-08 02:59:45 +0100
commit2d78f55438ee1d5d7683c0572ddc79dc3cd62a2a (patch)
tree7735f8b188ae0c85a18150b97b297176f7b92b2a /nixos
parentcd5c10f69676a36ae44254b8cfd58f528a062f65 (diff)
pam_usb, nixos/pam-usb: drop
`security.pam.usb` is broken anyway and upstream has abandoned the software.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/security/pam.nix12
-rw-r--r--nixos/modules/security/pam_usb.nix51
3 files changed, 0 insertions, 64 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2996da3c2d554..1384c7c6dfa22 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -317,7 +317,6 @@
   ./security/oath.nix
   ./security/pam.nix
   ./security/pam_mount.nix
-  ./security/pam_usb.nix
   ./security/please.nix
   ./security/polkit.nix
   ./security/rngd.nix
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index f809848fd4289..ed03254cb5ee5 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -205,17 +205,6 @@ let
         };
       };
 
-      usbAuth = mkOption {
-        default = config.security.pam.usb.enable;
-        defaultText = literalExpression "config.security.pam.usb.enable";
-        type = types.bool;
-        description = lib.mdDoc ''
-          If set, users listed in
-          {file}`/etc/pamusb.conf` are able to log in
-          with the associated USB key.
-        '';
-      };
-
       otpwAuth = mkOption {
         default = config.security.pam.enableOTPW;
         defaultText = literalExpression "config.security.pam.enableOTPW";
@@ -665,7 +654,6 @@ let
             authfile = u2f.authFile;
             appid = u2f.appId;
           }; })
-          { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; }
           (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = {
             ca_file = ussh.caFile;
             authorized_principals = ussh.authorizedPrincipals;
diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix
deleted file mode 100644
index 4275c26c6bdaa..0000000000000
--- a/nixos/modules/security/pam_usb.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.security.pam.usb;
-
-  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
-
-in
-
-{
-  options = {
-
-    security.pam.usb = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable USB login for all login systems that support it.  For
-          more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
-        '';
-      };
-
-    };
-
-  };
-
-  config = mkIf (cfg.enable || anyUsbAuth) {
-
-    # Make sure pmount and pumount are setuid wrapped.
-    security.wrappers = {
-      pmount =
-        { setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount.out}/bin/pmount";
-        };
-      pumount =
-        { setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount.out}/bin/pumount";
-        };
-    };
-
-    environment.systemPackages = [ pkgs.pmount ];
-
-  };
-}