Don't configure kerberos unless it's necessary
This commit is contained in:
parent
2d01513547
commit
0272bcadd3
|
|
@ -231,7 +231,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."container@paris".after =
|
systemd.services."container@paris".after =
|
||||||
[ config.fudo.secrets.secret-target ];
|
optional (!isNull cfg.kerberos) config.fudo.secrets.secret-target;
|
||||||
|
|
||||||
containers.paris = {
|
containers.paris = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
@ -276,7 +276,7 @@ in {
|
||||||
|
|
||||||
security.pam.krb5.enable = true;
|
security.pam.krb5.enable = true;
|
||||||
|
|
||||||
krb5 = {
|
krb5 = mkIf (!isNull cfg.kerberos) {
|
||||||
enable = true;
|
enable = true;
|
||||||
kerberos = pkgs.heimdal;
|
kerberos = pkgs.heimdal;
|
||||||
libdefaults = config.krb5.libdefaults;
|
libdefaults = config.krb5.libdefaults;
|
||||||
|
|
@ -296,7 +296,7 @@ in {
|
||||||
UseDns = true;
|
UseDns = true;
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = optionalString (!isNull cfg.kerberos) ''
|
||||||
GSSAPIAuthentication yes
|
GSSAPIAuthentication yes
|
||||||
GSSAPICleanupCredentials yes
|
GSSAPICleanupCredentials yes
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue