
Comparing changes

base repository: NixOS/nixpkgs
base: 9f35287e8e70
head repository: NixOS/nixpkgs
compare: c5bc77d15112
  • 3 commits
  • 2 files changed
  • 4 contributors

Commits on Aug 30, 2019

  1. yubico-pam: unstable-2019-03-19 -> unstable-2019-07-01

    Co-Authored-By: Marek Mahut <marek.mahut@gmail.com>
    typetetris and mmahut committed Aug 30, 2019
    74bfecb View commit details
  2. Copy the full SHA
    edf538f View commit details

Commits on Sep 24, 2019

  1. Merge pull request #67748 from typetetris/yubico-local-auth

    Yubico local auth
    Mic92 authored Sep 24, 2019
    c5bc77d View commit details
Showing with 21 additions and 4 deletions.
  1. +18 −1 nixos/modules/security/pam.nix
  2. +3 −3 pkgs/development/libraries/yubico-pam/default.nix
19 changes: 18 additions & 1 deletion nixos/modules/security/pam.nix
@@ -351,7 +351,7 @@ let
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
"auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
${let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth
"auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so id=${toString yubi.id} ${optionalString yubi.debug "debug"}"}
"auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"}"}
'' +
# Modules in this block require having the password set in PAM_AUTHTOK.
# pam_unix is marked as 'sufficient' on NixOS which means nothing will run
@@ -696,6 +696,23 @@ in
Debug output to stderr.
'';
};
mode = mkOption {
default = "client";
type = types.enum [ "client" "challenge-response" ];
description = ''
Mode of operation.
Use "client" for online validation with a YubiKey validation service such as
the YubiCloud.
Use "challenge-response" for offline validation using YubiKeys with HMAC-SHA-1
Challenge-Response configurations. See the man-page ykpamcfg(1) for further
details on how to configure offline Challenge-Response validation.
More information can be found <link
xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>.
'';
};
};

security.pam.enableEcryptfs = mkOption {
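Review bot: In challenge-response mode the new `pam_yubico.so` rule passes only `mode=` and the optional `debug`, so there is no way to set `chalresp_path`, and pam_yubico falls back to its default per-user location (under the user's home directory, `~/.yubico`, as far as I know). Those challenge files must then be readable before the session exists, which breaks on homes that are mounted or decrypted at login (the `enableEcryptfs` option follows directly after this hunk), and they sit in a user-writable place rather than a root-only directory. I would add a nullable `challengeResponsePath` option next to `mode` and append it to the rule when set, as sketched below; the `mode` description should also say where the files are expected. The `yubico` option set and the `let` block that builds the rule both start outside the visible hunks.

```nix
# … unchanged: mode option …
challengeResponsePath = mkOption {
  default = null;
  type = types.nullOr types.path;
  description = ''
    Directory in which pam_yubico keeps the per-user challenge files when
    <literal>mode</literal> is "challenge-response" (passed to the module as
    <literal>chalresp_path</literal>). It should be readable and writable
    by root only. When null, pam_yubico uses its default location.
  '';
};

# in the pam_yubico.so auth rule, after the id= fragment; toString keeps the
# directory from being copied into the world-readable store:
#   ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${toString yubi.challengeResponsePath}"}
```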
6 changes: 3 additions & 3 deletions pkgs/development/libraries/yubico-pam/default.nix
@@ -4,12 +4,12 @@

stdenv.mkDerivation rec {
pname = "yubico-pam";
version = "unstable-2019-03-19";
version = "unstable-2019-07-01";
src = fetchFromGitHub {
owner = "Yubico";
repo = pname;
rev = "1c6fa66825e77b3ad8df46513d0125bed9bde704";
sha256 = "1g41wdwa1wbp391w1crbis4hwz60m3y06rd6j59m003zx40sk9s4";
rev = "b5bd00db81e0e0e0ecced65c684080bb56ddc35b";
sha256 = "10dq8dqi3jldllj6p8r9hldx9sank9n82c44w8akxrs1vli6nj3m";
};

nativeBuildInputs = [ autoreconfHook pkgconfig asciidoc libxslt docbook_xsl ];