nixos/fprintd: option to inhibit PAM rule creation #107320
Currently, `security.pam.services.<name>.fprintAuth`'s default value is the value of `services.fprintd.enable`. Since many fingerprint readers are located on laptops in such a way that they may be inaccessible when the laptop lid is closed, it is tedious to undo this default for commonly used services such as `sudo`, while keeping occasional services like login or screen lockers. This commit adds the `services.fprintd.global` (default: `true`), that prevents fprintd PAM rules from being created for every service. By having a default value of `true`, every user's current configs will behave identically to before if they choose to not set this option.
Related: #105319.
I marked this as stale due to inactivity.
This PR is a great initiative. There can be many cases where For instance in my case :
Please note that the mentioned related PR has been closed because too complex, whereas this one is very simple, selective, and backwards compatible (assuming fixed conflicts). Any chance to give it a look? :)
Things done
- `global` (for lack of a more creative name...suggestions?) option to `services.fprint`
- `services/fprintd.nix` `package` override only being honored in one reference.
- `sandbox` in `nix.conf` on non-NixOS linux)
- `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
- `./result/bin/`)
- `nix path-info -S` before and after)
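How the option described in this PR would sit next to the current per-service opt-out, as an added example that is not code from the PR. It assumes that an explicit per-service `fprintAuth = true` still takes effect when `services.fprintd.global = false`; `su` and `i3lock` are illustrative service names.

```nix
# Added example, not taken from the PR. `services.fprintd.global` is the option
# proposed on this page; `i3lock` stands in for any screen locker's PAM service.
let
  # Today: fprintAuth defaults to services.fprintd.enable, so every PAM
  # service gets a fingerprint rule and each unwanted one is opted out by hand.
  optOut = {
    services.fprintd.enable = true;
    security.pam.services.sudo.fprintAuth = false;
    security.pam.services.su.fprintAuth = false;
  };

  # With the proposed option: no fingerprint rule is generated by default, and
  # the fingerprint factor is added only to the services named here.
  # Assumption: an explicit per-service fprintAuth = true still takes effect
  # when global = false.
  optIn = {
    services.fprintd.enable = true;
    services.fprintd.global = false;
    security.pam.services.login.fprintAuth = true;
    security.pam.services.i3lock.fprintAuth = true;
  };
in
optIn
```

After a rebuild, `grep pam_fprintd /etc/pam.d/sudo` returning nothing while the same search in `/etc/pam.d/login` matches confirms that the fingerprint rule exists only where it was requested.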