nixos/security/pam: Add nodelay option

Closes #65551
2020-02-23 14:55:47 +01:00 · 2020-02-23 14:55:47 +01:00 · dc1efa99a0
parent 09c1342c70
commit dc1efa99a0
1 changed files with 10 additions and 2 deletions
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -219,6 +219,14 @@ let
        '';
      };
      nodelay = mkOption {
        default = false;
        type = types.bool;
        description = ''
          Wheather the delay after typing a wrong password should be disabled.
        '';
      };
      requireWheel = mkOption {
        default = false;
        type = types.bool;
@ -366,7 +374,7 @@ let
            || cfg.enableGnomeKeyring
            || cfg.googleAuthenticator.enable
            || cfg.duoSecurity.enable)) ''
-              auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
+              auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
              ${optionalString config.security.pam.enableEcryptfs
                "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
              ${optionalString cfg.pamMount
@ -382,7 +390,7 @@ let
                "auth required ${pkgs.duo-unix}/lib/security/pam_duo.so"}
            '') + ''
          ${optionalString cfg.unixAuth
-              "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth try_first_pass"}
+              "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth try_first_pass"}
          ${optionalString cfg.otpwAuth
              "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
          ${optionalString use_ldap