diff --git a/system/base-system.scm b/system/base-system.scm index aac5aa9..828d630 100644 --- a/system/base-system.scm +++ b/system/base-system.scm @@ -101,7 +101,7 @@ (name "usb"))) %base-groups)) -(define %metznet-base-packages (append (list openssh nss-pam-ldapd openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) +(define %metznet-base-packages (append (list openssh openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) (define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) @@ -155,27 +155,20 @@ (group services)))) -(define pam-ldap-module (file-append nss-pam-ldapd "/lib/security/pam_ldap.so")) - -(define (metznet-pam-service config) +(define (pam-mkhomedir-service config) (lambda (pam) (if (member (pam-service-name pam) config) - (let ((sufficient - (pam-entry - (control "sufficient") - (module pam-ldap-module))) - (required + (let ((required (pam-entry (control "required") (module "pam_mkhomedir.so")))) (pam-service (inherit pam) - (session (cons required (pam-service-account pam))) - (password (cons sufficient (pam-service-account pam))))) + (session (cons required (pam-service-account pam))))) pam))) -(define (metznet-pam-services config) - (list (metznet-pam-service config))) +(define (pam-mkhomedir-services config) + (list (pam-mkhomedir-service config))) (define default-sssd-conf-file (plain-file "sssd.conf" (string-join (list "[sssd]" @@ -199,7 +192,7 @@ (name 'metznet-service) (description "MetzNet Services") (extensions - (list (service-extension pam-root-service-type metznet-pam-services))) + (list (service-extension pam-root-service-type pam-mkhomedir-services))) (default-value '()))) (define-configuration sssd-configuration
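Review bot: In `pam-mkhomedir-service`, the new `session` field is still built from the account stack: `(session (cons required (pam-service-account pam)))`. Because the record is rebuilt with `(inherit pam)`, each matched service loses its original session entries and runs its account entries in the session phase instead. Depending on the service, this may drop session modules such as login-uid, limits or seat registration. The line should probably read `(session (cons required (pam-service-session pam)))`. Separately, the `pam_mkhomedir.so` entry passes no arguments, so new home directories get the module's default permissions; if they should be private, consider `(arguments '("umask=0077"))` on the `pam-entry`.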