I’d like to use kanidm, for which a NixOS service definition exists, including an option services.kanidm.enablePam
Setting this to true will only create the systemd services, but not update the PAM configuration.
So I want to to update the PAM configutation as described in the kanidm book to include pam_kanidm.so, but now I notice the pam.d directory is managed by Nix and looks pretty hardcoded: I cannot easily find an option to update auth, account, password and session sections from within my configuration.nix file. Is there an option I’m overlooking?
It looks like the PAM configuration is not configurable by the user other than the security.pam.*.enable options for specific PAM modules
@Flakebi question since you seem to be the main author of this module: would it be possible to add an option security.pam.kanidm.enable (it depends on services.kanidm.enablePam which is already there)? That would be really nice!