diff options
| author | Wout Mertens <Wout.Mertens@gmail.com> | 2017-11-29 20:41:32 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-29 20:41:32 +0100 |
| commit | a58b35aa0fa6b08ca5a4c7cdb032e64c46597c4c (patch) | |
| tree | e56296d1b507cf774b21ef5465ad2baf3a8864da | |
| parent | Merge pull request #32176 from kosta/master (diff) | |
| download | nixpkgs-origin/pam-ssh-security.tar.gz | |
pam-sshagent: only allow managed SSH keysorigin/pam-ssh-security
[Breaking change] Fixes #316
| -rw-r--r-- | nixos/modules/security/pam.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 2d6713311a45..d6b70eb07f73 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -257,7 +257,7 @@ let ${optionalString cfg.logFailures "auth required pam_tally.so"} ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) - "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"} + "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=/etc/ssh/authorized_keys.d/%u"} ${optionalString cfg.fprintAuth "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"} ${optionalString cfg.u2fAuth |