public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/security/oath.nix

51 lines
1.1 KiB
Nix
Raw Normal View History

config.security.oath: new module Add a module to make options to pam_oath module configurable. These are: - enable - enable the OATH pam module - window - number of OTPs to check - digits - length of the OTP (adds support for two-factor auth) - usersFile - filename to store OATH credentials in
2016-02-24 21:41:02 +00:00
# This module provides configuration for the OATH PAM modules.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
security.pam.oath = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the OATH (one-time password) PAM module.
'';
};
digits = mkOption {
type = types.enum [ 6 7 8 ];
default = 6;
description = ''
Specify the length of the one-time password in number of
digits.
'';
};
window = mkOption {
type = types.int;
default = 5;
description = ''
Specify the number of one-time passwords to check in order
to accommodate for situations where the system and the
client are slightly out of sync (iteration for HOTP or time
steps for TOTP).
'';
};
usersFile = mkOption {
type = types.path;
default = "/etc/users.oath";
description = ''
Set the path to file where the user's credentials are
stored. This file must not be world readable!
'';
};
};
};
}
Reference in New Issue Copy Permalink