Cleaned up ldap auth

master
noah metz 2023-11-27 21:38:26 -07:00
parent 3abe530126
commit b2e44cbd13
1 changed files with 7 additions and 14 deletions

@ -101,7 +101,7 @@
(name "usb")))
%base-groups))
(define %metznet-base-packages (append (list openssh nss-pam-ldapd openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-base-packages (append (list openssh openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
@ -155,27 +155,20 @@
(group services))))
(define pam-ldap-module (file-append nss-pam-ldapd "/lib/security/pam_ldap.so"))
(define (metznet-pam-service config)
(define (pam-mkhomedir-service config)
(lambda (pam)
(if (member (pam-service-name pam) config)
(let ((sufficient
(pam-entry
(control "sufficient")
(module pam-ldap-module)))
(required
(let ((required
(pam-entry
(control "required")
(module "pam_mkhomedir.so"))))
(pam-service
(inherit pam)
(session (cons required (pam-service-account pam)))
(password (cons sufficient (pam-service-account pam)))))
(session (cons required (pam-service-account pam)))))
pam)))
(define (metznet-pam-services config)
(list (metznet-pam-service config)))
(define (pam-mkhomedir-services config)
(list (pam-mkhomedir-service config)))
(define default-sssd-conf-file (plain-file "sssd.conf" (string-join (list
"[sssd]"
@ -199,7 +192,7 @@
(name 'metznet-service)
(description "MetzNet Services")
(extensions
(list (service-extension pam-root-service-type metznet-pam-services)))
(list (service-extension pam-root-service-type pam-mkhomedir-services)))
(default-value '())))
(define-configuration sssd-configuration
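Review bot: In `pam-mkhomedir-service` the new `session` field is built from `(pam-service-account pam)`, so every matched service gets its account entries plus `pam_mkhomedir.so` as its session stack, and the session modules it had before are dropped. This was carried over from the old `metznet-pam-service`, but it is now the only thing the function does, so it should read `(session (cons required (pam-service-session pam)))`. Separately, the `pam-entry` passes no arguments, so new home directories get the module's default umask; if homes are meant to be private, add `(arguments '("umask=0077"))`. A short comment above the define saying that `config` is the list of PAM service names to extend would also help, since `default-value '()` makes the extension a no-op until it is set.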