Commit 22a500a3 authored by Peter Hoeg's avatar Peter Hoeg
Browse files

pam_mount: do not re-prompt for password 

nixos-rebuild test causes pam_mount to prompt for a password when running with
an encrypted home:

building '/nix/store/p6bflh7n5zy2dql8l45mix9qnzq65hbk-nixos-system-mildred-18.09.git.98592c5da79M.drv'...
activating the configuration...
setting up /etc...
reenter password for pam_mount:
(mount.c:68): Messages from underlying mount program:
(mount.c:72): crypt_activate_by_passphrase: File exists
(pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed
kbuildsycoca5 running...

This change makes pam_mount not prompt. It still tries to remount (and fails in
the process) but that message can be ignored.

Fixes: #44586
parent 4cdfe28f

nixos/modules/security/pam.nix

+2 −2
Original line number Diff line number Diff line
@@ -428,7 +428,7 @@ let 
              ${optionalString config.security.pam.enableEcryptfs

                "auth optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}

              ${optionalString cfg.pamMount

                "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}

                "auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"}

              ${optionalString cfg.enableKwallet

                ("auth optional ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so" +

                 " kwalletd=${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5")}
@@ -489,7 +489,7 @@ let 
          ${optionalString config.security.pam.enableEcryptfs

              "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}

          ${optionalString cfg.pamMount

              "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}

              "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so disable_interactive"}

          ${optionalString use_ldap

              "session optional ${pam_ldap}/lib/security/pam_ldap.so"}

          ${optionalString config.services.sssd.enable