movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

Google Authenticator 2FA support over XRDP (#407736)

Browse source
This commit is contained in:
Pol Dellaiera 2025-05-28 17:57:00 +00:00 committed by GitHub
commit a3e8ba327e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/security/pam.nix
View file

@ -249,6 +249,23 @@ let
to provide Google Authenticator token to log in. to provide Google Authenticator token to log in.
''; '';
}; };
allowNullOTP = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
{file}`~/.google_authenticator`).
'';
};
forwardPass = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
'';
};
}; };
otpwAuth = lib.mkOption { otpwAuth = lib.mkOption {
@ -1048,6 +1065,8 @@ let
modulePath = "${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so"; modulePath = "${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so";
settings = { settings = {
no_increment_hotp = true; no_increment_hotp = true;
forward_pass = cfg.googleAuthenticator.forwardPass;
nullok = cfg.googleAuthenticator.allowNullOTP;
}; };
} }
{ {