philipp
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

Merge pull request #96672 from doronbehar/module/samba 

nixos/samba: remove upstream deprecated syncPasswordsByPam option
gstqt5
Doron Behar 2020-10-04 11:29:56 +03:00 committed by GitHub
parent c12b9cd9c8 8cd4d59a32
commit 9544c6078e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/security/pam.nix
View File

@ -429,8 +429,6 @@ let
"password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok"}
${optionalString config.krb5.enable
"password sufficient ${pam_krb5}/lib/security/pam_krb5.so use_first_pass"}
${optionalString config.services.samba.syncPasswordsByPam
"password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
${optionalString cfg.enableGnomeKeyring
"password optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so use_authtok"}

14
nixos/modules/services/network-filesystems/samba.nix
View File

@ -26,7 +26,6 @@ let
[global]
security = ${cfg.securityType}
passwd program = /run/wrappers/bin/passwd %u
pam password change = ${smbToString cfg.syncPasswordsByPam}
invalid users = ${smbToString cfg.invalidUsers}
${cfg.extraConfig}
@ -67,6 +66,7 @@ in
{
imports = [
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
(mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ] "This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10")
];
###### interface
@ -124,18 +124,6 @@ in
'';
};
syncPasswordsByPam = mkOption {
type = types.bool;
default = false;
description = ''
Enabling this will add a line directly after pam_unix.so.
Whenever a password is changed the samba password will be updated as well.
However, you still have to add the samba password once, using smbpasswd -a user.
If you don't want to maintain an extra password database, you still can send plain text
passwords which is not secure.
'';
};
invalidUsers = mkOption {
type = types.listOf types.str;
default = [ "root" ];