Why is pam_unix required, even if unixAuth = false #104346
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is more of a proposal/question than an actual pull request. Not sure how to actually test it!
Motivation for this change
I was unable to set security.pam.services.sshd.unixAuth to false, and was having issues with SDDM/SSSD previously #94744 then I noticed no matter what, pam_unix.so was marked as required. Even if unixAuth = false.
Things done
Wrapped all * required pam_unix.so in optionalString's based on other lines I saw in this file. Not sure if that would fix my problem or not, hoping someone who knows more about NixOS could weigh in. I'd also like to note that SSSD worked with SSH/Console log in out of the box when I opened #94744 and are now both borked for some reason.
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)