# Option declarations for the OATH (one-time password) PAM module.
#
# This file only declares the options; nothing here consumes them.
# NOTE(review): presumably the PAM service configuration elsewhere reads
# these values -- confirm against the consuming module.

{ lib, ... }:

let
  inherit (lib) mkOption types;
in
{
  options.security.pam.oath = {
    # Boolean toggle; false unless explicitly set.
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Enable the OATH (one-time password) PAM module.
      '';
    };

    # OTP length. The enum type rejects anything other than 6, 7 or 8.
    digits = mkOption {
      type = types.enum [ 6 7 8 ];
      default = 6;
      description = ''
        Specify the length of the one-time password in number of
        digits.
      '';
    };

    # Resynchronisation window. types.int does not bound the value, so zero
    # and negative numbers pass type checking here. Each additional step in
    # the window is one more code accepted as valid per attempt, so keep it
    # as small as the expected counter/clock drift allows.
    window = mkOption {
      type = types.int;
      default = 5;
      description = ''
        Specify the number of one-time passwords to check in order
        to accommodate for situations where the system and the
        client are slightly out of sync (iteration for HOTP or time
        steps for TOTP).
      '';
    };

    # Location of the per-user OATH credentials. The default is a string,
    # so it stays a plain runtime path outside the Nix store.
    # NOTE(review): a Nix path literal assigned here may be copied into the
    # world-readable Nix store if a consumer interpolates it into a string;
    # prefer an absolute path given as a string, and keep the file owned by
    # root and unreadable to group/other (e.g. mode 0600).
    usersFile = mkOption {
      type = types.path;
      default = "/etc/users.oath";
      description = ''
        Set the path to file where the user's credentials are
        stored. This file must not be world readable!
      '';
    };
  };
}
