nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-01 01:33:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module

Browse Source
This commit is contained in:
nicoo 2023-09-04 21:06:12 +00:00
parent ad92951579
commit 19e1420e13
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/security/pam.nix
View File

@ -1531,6 +1531,10 @@ in
(map (module: "mr ${module},"))
concatLines
]);
};
security.sudo.extraConfig = optionalString config.security.pam.enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'';
};
}

8
nixos/modules/security/sudo.nix
View File

@ -6,6 +6,8 @@ let
cfg = config.security.sudo;
inherit (config.security.pam) enableSSHAgentAuth;
toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}";
@ -207,10 +209,8 @@ in
''
# Don't edit this file. Set the NixOS options security.sudo.configFile
# or security.sudo.extraRules instead.
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
''
''
# "root" is allowed to do anything.
root ALL=(ALL:ALL) SETENV: ALL
''