pam_mount: do not re-prompt for password

nixos-rebuild test causes pam_mount to prompt for a password when running with
an encrypted home:

building '/nix/store/p6bflh7n5zy2dql8l45mix9qnzq65hbk-nixos-system-mildred-18.09.git.98592c5da79M.drv'...
activating the configuration...
setting up /etc...
reenter password for pam_mount:
(mount.c:68): Messages from underlying mount program:
(mount.c:72): crypt_activate_by_passphrase: File exists
(pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed
kbuildsycoca5 running...

This change makes pam_mount not prompt. It still tries to remount (and fails in
the process) but that message can be ignored.

Fixes: #44586
This commit is contained in:
Peter Hoeg 2020-06-10 10:55:14 +08:00
parent 4cdfe28fec
commit 22a500a3f8

View File

@ -428,7 +428,7 @@ let
${optionalString config.security.pam.enableEcryptfs
"auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
${optionalString cfg.pamMount
"auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
"auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"}
${optionalString cfg.enableKwallet
("auth optional ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5")}
@ -489,7 +489,7 @@ let
${optionalString config.security.pam.enableEcryptfs
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
${optionalString cfg.pamMount
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
"session optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"}
${optionalString use_ldap
"session optional ${pam_ldap}/lib/security/pam_ldap.so"}
${optionalString config.services.sssd.enable