From ec9cfba2d36726a008fcaa642cf97558d1a70857 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Tue, 18 May 2021 05:40:52 +0200
Subject: [PATCH] nixos/phosh: Fix unrestricted login because of insecure PAM
 config

The PAM config deployed would not check anything meaningful. Remove it
and rely on the defaults in the security.pam module to fix login with
arbitrary credentials.

Resolves: #123435
---
 nixos/modules/programs/phosh.nix | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/nixos/modules/programs/phosh.nix b/nixos/modules/programs/phosh.nix
index 150874be674..1f50065f781 100644
--- a/nixos/modules/programs/phosh.nix
+++ b/nixos/modules/programs/phosh.nix
@@ -145,15 +145,7 @@ in {
 
     programs.feedbackd.enable = true;
 
-    # https://source.puri.sm/Librem5/phosh/-/issues/303
-    security.pam.services.phosh = {
-      text = ''
-        auth    requisite       pam_nologin.so
-        auth    required        pam_succeed_if.so user != root quiet_success
-        auth    required        pam_securetty.so
-        auth    requisite       pam_nologin.so
-      '';
-    };
+    security.pam.services.phosh = {};
 
     services.gnome.core-shell.enable = true;
     services.gnome.core-os-services.enable = true;