diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 02520fb88cd..0aa8ee0da82 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -251,9 +251,9 @@ let ${optionalString (!(config.security.pam.enableEcryptfs || cfg.pamMount)) "auth required pam_deny.so"} # Password management. + password requisite pam_unix.so nullok sha512 ${optionalString config.security.pam.enableEcryptfs "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - password requisite pam_unix.so nullok sha512 ${optionalString cfg.pamMount "password optional ${pkgs.pam_mount}/lib/security/pam_mount.so"} ${optionalString config.users.ldap.enable diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 590e6071b52..0ea5bc62fd4 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python, pam -, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which }: +, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: stdenv.mkDerivation rec { name = "ecryptfs-${version}"; - version = "106"; + version = "108"; src = fetchurl { url = "http://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz"; - sha256 = "1d5nlzcbl8ch639zi3lq6d14gkk4964j6dqhfs87i67867fhlghp"; + sha256 = "1pfpzc907m4qi5h2rxmkqq072c6g22pik2rilj4bl4qishd8p0sj"; }; #TODO: replace wrapperDir below with from config.security.wrapperDir; @@ -43,6 +43,7 @@ stdenv.mkDerivation rec { --prefix PATH ":" "${rsync}/bin" \ --prefix PATH ":" "${keyutils}/bin" \ --prefix PATH ":" "${which}/bin" \ + --prefix PATH ":" "${lsof}/bin" \ --prefix PATH ":" "$out/bin" done '';