I think it's nice that it first asks the usual password, and then offers the
otpw one if enabled. That enables dovecot to show the last pam prompt.
I also add the dovecot option for that.
This is needed in order to properly lock your screen using the C-a C-x
(lockscreen) command _and_ being back to re-login, because the "other" PAM
service/fallback is to deny authentication.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Logind sessions are more generally useful than for device ownership.
For instances, ssh logins can be put in their own session (and thus
their own cgroup).
services (rather than just login(1)). It's rather unexpected if
resource limits are not applied to (say) users logged in via SSH or
X11.
svn path=/nixos/trunk/; revision=28105
config.krb5.enable needs to be set as true.
Also use pam_ccreds to cache Kerberos credentials for offline logins.
svn path=/nixos/trunk/; revision=22986
`su'.
* The `usermod' from `shadow' allows setting a supplementary group
equal to the user's primary group, so the special hack for the
`nixbld' group is no longer needed.
* Removed /etc/default/passwd since it's not used by the new passwd.
The hash is configured in pam_unix.
* Move some values for `security.setuidPrograms' and
`security.pam.services' to the appropriate modules.
svn path=/nixos/trunk/; revision=22107
with an empty password, rather than with a hashed empty password.
The latter is a security risk, because it allows remote root logins
if a user enables sshd before setting a proper root password.
* Allow empty passwords for login and slim, but nothing else.
svn path=/nixos/trunk/; revision=17833
work for X logins. (The documentation also says so.) Instead just
call ck-launch-session from the xsession script.
svn path=/nixos/trunk/; revision=17090
* Let ConsoleKit track the current logins instead of pam_console.
Udev now takes care of setting the device permissions to the active
user. This works much better, since pam_console wouldn't apply
permissions to new (hot-plugged) devices. Also, the udev+ConsoleKit
approach supports user switching. (We don't have that for X yet,
but it already works for logins on virtual consoles: if you switch
between different users on differents VCs with Alt+Fn, the device
ownership will be changed automatically.)
svn path=/nixos/trunk/; revision=16743
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729
enabled as a session type. Since I'm lazy, provide it
unconditionally. Also have it include "common-console" to set
device ownership when logging in.
svn path=/nixos/branches/modular-nixos/; revision=15800
