Commit graph

9 commits

Author SHA1 Message Date
Eelco Dolstra 5dfaf565bf * On the CD or on a newly installed system, create the root account
with an empty password, rather than with a hashed empty password.
  The latter is a security risk, because it allows remote root logins
  if a user enables sshd before setting a proper root password.
* Allow empty passwords for login and slim, but nothing else.

svn path=/nixos/trunk/; revision=17833
2009-10-15 14:41:59 +00:00
Eelco Dolstra 3e5912833d * For consistency with Nixpkgs.
svn path=/nixos/trunk/; revision=17427
2009-09-25 20:12:35 +00:00
Eelco Dolstra 379778c385 * For X logins, don't use pam_ck_connector since it doesn't really
work for X logins.  (The documentation also says so.)  Instead just
  call ck-launch-session from the xsession script.

svn path=/nixos/trunk/; revision=17090
2009-09-13 14:05:21 +00:00
Eelco Dolstra 447c1ac34a * SLiM / ConsoleKit compatibility hack.
svn path=/nixos/trunk/; revision=16744
2009-08-17 01:35:48 +00:00
Eelco Dolstra 7ab616f659 * Added support for ConsoleKit.
* Let ConsoleKit track the current logins instead of pam_console.
  Udev now takes care of setting the device permissions to the active
  user.  This works much better, since pam_console wouldn't apply
  permissions to new (hot-plugged) devices.  Also, the udev+ConsoleKit
  approach supports user switching.  (We don't have that for X yet,
  but it already works for logins on virtual consoles: if you switch
  between different users on differents VCs with Alt+Fn, the device
  ownership will be changed automatically.)

svn path=/nixos/trunk/; revision=16743
2009-08-17 01:16:38 +00:00
Eelco Dolstra 3b931f7861 * We still need /etc/pam.d/other to keep usermod happy.
svn path=/nixos/trunk/; revision=16731
2009-08-16 15:46:24 +00:00
Eelco Dolstra 39bffdb34c * Make the generation of /etc/pam.d more declarative. There now is an
option security.pam.services containing the list of PAM services.
  For instance, the SLiM module simply declares:

    security.pam.services = [ { name = "slim"; localLogin = true; } ];

svn path=/nixos/trunk/; revision=16729
2009-08-16 14:49:14 +00:00
Eelco Dolstra 720d51179e * kdm needs the "kde" PAM module, but you only get it when KDE is
enabled as a session type.  Since I'm lazy, provide it
  unconditionally.  Also have it include "common-console" to set
  device ownership when logging in.

svn path=/nixos/branches/modular-nixos/; revision=15800
2009-05-29 14:57:31 +00:00
Eelco Dolstra 14f1c81822 * Move PAM configuration to modules/security/pam.nix.
svn path=/nixos/branches/modular-nixos/; revision=15766
2009-05-28 13:10:02 +00:00