diff options
| author | Josselin Poiret <dev@jpoiret.xyz> | 2023-05-09 18:45:07 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2023-05-11 13:21:45 +0200 |
| commit | 2df5d4fd18a2fbcb8066a50e2da8ec64635f5162 (patch) | |
| tree | ecfc8aae744998169e2b38c2e756abeb4210d9f9 /gnu/services/kerberos.scm | |
| parent | b2a65b4c8cfe06eb48e0db83a408dd84175e07dc (diff) | |
| download | guix-2df5d4fd18a2fbcb8066a50e2da8ec64635f5162.tar.gz | |
system: pam: Let PAM extensions add shepherd requirements.
* gnu/system/pam.scm (<pam-extension>): New record type. (pam-shepherd-service): Add Shepherd synchronization point. * gnu/services/mail.scm (dovecot-shepherd-service) * gnu/services/lightdm.scm (lightdm-shepherd-service) * gnu/services/mail.scm (opensmtpd-shepherd-service) * gnu/services/sddm.scm (sddm-shepherd-service) * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service) * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service) * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement. * gnu/system/pam.scm (/etc-entry, extend-configuration, pam-root-service-type, pam-root-service) * gnu/services/authentication.scm (pam-ldap-pam-service) * gnu/services/base.scm (pam-limits-service-type) (greetd-pam-service) * gnu/services/desktop.scm (pam-gnome-keyring) * gnu/services/kerberos.scm (pam-krb5-pam-service) * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use pam-extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/services/kerberos.scm')
| -rw-r--r-- | gnu/services/kerberos.scm | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index c3c7872734..1a1b37f890 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -428,27 +428,29 @@ generates such a file. It does not cause any daemon to be started."))) (define (pam-krb5-pam-service config) "Return a PAM service for Kerberos authentication." - (lambda (pam) - (define pam-krb5-module - #~(string-append #$(pam-krb5-configuration-pam-krb5 config) - "/lib/security/pam_krb5.so")) - - (let ((pam-krb5-sufficient - (pam-entry - (control "sufficient") - (module pam-krb5-module) - (arguments - (list - (format #f "minimum_uid=~a" - (pam-krb5-configuration-minimum-uid config))))))) - (pam-service - (inherit pam) - (auth (cons* pam-krb5-sufficient - (pam-service-auth pam))) - (session (cons* pam-krb5-sufficient - (pam-service-session pam))) - (account (cons* pam-krb5-sufficient - (pam-service-account pam))))))) + (pam-extension + (transformer + (lambda (pam) + (define pam-krb5-module + #~(string-append #$(pam-krb5-configuration-pam-krb5 config) + "/lib/security/pam_krb5.so")) + + (let ((pam-krb5-sufficient + (pam-entry + (control "sufficient") + (module pam-krb5-module) + (arguments + (list + (format #f "minimum_uid=~a" + (pam-krb5-configuration-minimum-uid config))))))) + (pam-service + (inherit pam) + (auth (cons* pam-krb5-sufficient + (pam-service-auth pam))) + (session (cons* pam-krb5-sufficient + (pam-service-session pam))) + (account (cons* pam-krb5-sufficient + (pam-service-account pam))))))))) (define (pam-krb5-pam-services config) (list (pam-krb5-pam-service config))) |