nixos/gdm: add fingerprint pam rules

Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
This commit is contained in:
Maxine Aubrey 2024-04-23 18:58:49 +02:00 committed by John Titor
parent 124ae37067
commit 9d41fe6fcc
No known key found for this signature in database
GPG Key ID: 29B0514F4E3C1CC0

View File

@ -321,6 +321,22 @@ in
session include login session include login
''; '';
login.fprintAuth = mkIf config.services.fprintd.enable false;
gdm-fingerprint.text = mkIf config.services.fprintd.enable ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
account include login
password required pam_deny.so
session include login
'';
}; };
}; };