mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 12:29:02 +02:00
nixos/pam: add option failDelay
Co-authored-by: Bobby Rong <rjl931189261@126.com>
This commit is contained in:
parent
1c64f29ee9
commit
ab0ae8f5e1
|
@ -383,6 +383,24 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
failDelay = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
If enabled, this will replace the `FAIL_DELAY` setting from `login.defs`.
|
||||||
|
Change the delay on failure per-application.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
delay = mkOption {
|
||||||
|
default = 3000000;
|
||||||
|
type = types.int;
|
||||||
|
example = 1000000;
|
||||||
|
description = lib.mdDoc "The delay time (in microseconds) on failure.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
gnupg = {
|
gnupg = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -513,6 +531,7 @@ let
|
||||||
|| cfg.enableGnomeKeyring
|
|| cfg.enableGnomeKeyring
|
||||||
|| cfg.googleAuthenticator.enable
|
|| cfg.googleAuthenticator.enable
|
||||||
|| cfg.gnupg.enable
|
|| cfg.gnupg.enable
|
||||||
|
|| cfg.failDelay.enable
|
||||||
|| cfg.duoSecurity.enable))
|
|| cfg.duoSecurity.enable))
|
||||||
(
|
(
|
||||||
''
|
''
|
||||||
|
@ -533,6 +552,9 @@ let
|
||||||
optionalString cfg.gnupg.enable ''
|
optionalString cfg.gnupg.enable ''
|
||||||
auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so ${optionalString cfg.gnupg.storeOnly " store-only"}
|
auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so ${optionalString cfg.gnupg.storeOnly " store-only"}
|
||||||
'' +
|
'' +
|
||||||
|
optionalString cfg.failDelay.enable ''
|
||||||
|
auth optional ${pkgs.pam}/lib/security/pam_faildelay.so delay=${toString cfg.failDelay.delay}
|
||||||
|
'' +
|
||||||
optionalString cfg.googleAuthenticator.enable ''
|
optionalString cfg.googleAuthenticator.enable ''
|
||||||
auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so no_increment_hotp
|
auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so no_increment_hotp
|
||||||
'' +
|
'' +
|
||||||
|
|
Loading…
Reference in a new issue