* gnu/services/base.scm (mingetty-service): * gnu/system/linux.scm (unix-pam-service, base-pam-services): Add #:additional-session-modules keyword argument. --- gnu/services/base.scm | 6 ++++-- gnu/system/linux.scm | 27 ++++++++++++++++----------- 2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 888e446..60dc93b 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -364,7 +364,8 @@ stopped before 'kill' is called." ;; Allow empty passwords by default so that ;; first-time users can log in when the 'root' ;; account has just been created. - (allow-empty-passwords? #t)) + (allow-empty-passwords? #t) + (additional-session-modules '())) "Return a service to run mingetty on @var{tty}. When @var{allow-empty-passwords?} is true, allow empty log-in password. When @@ -416,7 +417,8 @@ the ``message of the day''." ;; duplicates are removed. (list (unix-pam-service "login" #:allow-empty-passwords? allow-empty-passwords? - #:motd motd))))))) + #:motd motd + #:additional-session-modules additional-session-modules))))))) (define-record-type* <nscd-configuration> nscd-configuration make-nscd-configuration diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm index aaaa8c6..d6a9959 100644 --- a/gnu/system/linux.scm +++ b/gnu/system/linux.scm @@ -133,7 +133,8 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE." (let ((unix (pam-entry (control "required") (module "pam_unix.so")))) - (lambda* (name #:key allow-empty-passwords? motd) + (lambda* (name #:key allow-empty-passwords? motd + (additional-session-modules '())) "Return a standard Unix-style PAM service for NAME. When ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords. When MOTD is true, it should be the name of a file used as the message-of-the-day." @@ -149,14 +150,16 @@ should be the name of a file used as the message-of-the-day." (arguments '("nullok"))) unix))) (password (list unix)) - (session (if motd - (list unix - (pam-entry - (control "optional") - (module "pam_motd.so") - (arguments - (list #~(string-append "motd=" #$motd))))) - (list unix)))))))) + (session (append + (if motd + (list unix + (pam-entry + (control "optional") + (module "pam_motd.so") + (arguments + (list #~(string-append "motd=" #$motd))))) + (list unix)) + additional-session-modules))))))) (define (rootok-pam-service command) "Return a PAM service for COMMAND such that 'root' does not need to @@ -173,14 +176,16 @@ authenticate to run COMMAND." (password (list unix)) (session (list unix))))) -(define* (base-pam-services #:key allow-empty-passwords?) +(define* (base-pam-services #:key allow-empty-passwords? + (additional-session-modules '())) "Return the list of basic PAM services everyone would want." ;; TODO: Add other Shadow programs? (append (list %pam-other-services) ;; These programs are setuid-root. (map (cut unix-pam-service <> - #:allow-empty-passwords? allow-empty-passwords?) + #:allow-empty-passwords? allow-empty-passwords? + #:additional-session-modules additional-session-modules) '("su" "passwd" "sudo" "xlock" "xscreensaver")) -- 2.4.3