config.krb5.enable needs to be set as true.
Also use pam_ccreds to cache Kerberos credentials for offline logins.
svn path=/nixos/trunk/; revision=22986
`su'.
* The `usermod' from `shadow' allows setting a supplementary group
equal to the user's primary group, so the special hack for the
`nixbld' group is no longer needed.
* Removed /etc/default/passwd since it's not used by the new passwd.
The hash is configured in pam_unix.
* Move some values for `security.setuidPrograms' and
`security.pam.services' to the appropriate modules.
svn path=/nixos/trunk/; revision=22107
with an empty password, rather than with a hashed empty password.
The latter is a security risk, because it allows remote root logins
if a user enables sshd before setting a proper root password.
* Allow empty passwords for login and slim, but nothing else.
svn path=/nixos/trunk/; revision=17833
work for X logins. (The documentation also says so.) Instead just
call ck-launch-session from the xsession script.
svn path=/nixos/trunk/; revision=17090
* Let ConsoleKit track the current logins instead of pam_console.
Udev now takes care of setting the device permissions to the active
user. This works much better, since pam_console wouldn't apply
permissions to new (hot-plugged) devices. Also, the udev+ConsoleKit
approach supports user switching. (We don't have that for X yet,
but it already works for logins on virtual consoles: if you switch
between different users on differents VCs with Alt+Fn, the device
ownership will be changed automatically.)
svn path=/nixos/trunk/; revision=16743
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729
enabled as a session type. Since I'm lazy, provide it
unconditionally. Also have it include "common-console" to set
device ownership when logging in.
svn path=/nixos/branches/modular-nixos/; revision=15800