Open outergod opened 7 years ago
Are there any updates to this issue, please?
Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:
You can use ldap.daemon.extraConfig and add a map for loginShell:
ldap.daemon.extraConfig = ''
map passwd loginShell "/run/current-system/sw/bin/bash"
'';
The directive rewrites the loginShell entry from LDAP to the value specified. It does not handle the fact that users can use different shells, but at least they can log in.
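An added example, not part of the thread or of NixOS itself: a small audit that reads passwd-format entries (the format getent passwd prints), flags login shells that do not exist on the host, and proposes a per-user remap into /run/current-system/sw/bin, which a single fixed-value map cannot express. The sample entries, the host path set and the function names are constructed for illustration.

```python
import os

# System-wide profile path, as used in the workaround quoted on this page.
NIXOS_SYSTEM_BIN = "/run/current-system/sw/bin"


def parse_passwd(text):
    """Yield (user, shell) from passwd(5)-format lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue  # blank or malformed entry: skip rather than guess
        yield fields[0], fields[6]


def audit_shells(passwd_text, exists=os.path.exists, system_bin=NIXOS_SYSTEM_BIN):
    """Map user -> ('ok' | 'remap' | 'missing', usable shell path or None)."""
    report = {}
    for user, shell in parse_passwd(passwd_text):
        shell = shell or "/bin/sh"  # empty field defaults to /bin/sh, see passwd(5)
        if exists(shell):
            report[user] = ("ok", shell)
            continue
        # Look for a shell with the same file name in the system profile.
        name = os.path.basename(shell)
        candidate = os.path.join(system_bin, name)
        if name and exists(candidate):
            report[user] = ("remap", candidate)
        else:
            report[user] = ("missing", None)  # login would fail: invalid shell
    return report


# Constructed sample entries, shaped like what a directory service returns.
SAMPLE = """\
alice:x:10001:10001:Alice:/home/alice:/bin/bash
bob:x:10002:10002:Bob:/home/bob:/bin/zsh
carol:x:10003:10003:Carol:/home/carol:/usr/bin/fish
dave:x:10004:10004:Dave:/home/dave:
"""

# Constructed view of a host where only these paths exist.
HOST_PATHS = {"/bin/sh", NIXOS_SYSTEM_BIN + "/bash", NIXOS_SYSTEM_BIN + "/zsh"}

if __name__ == "__main__":
    result = audit_shells(SAMPLE, exists=HOST_PATHS.__contains__)
    for user, (status, path) in result.items():
        print(f"{user}: {status} {path or ''}")
```

On a real host, call audit_shells with the output of getent passwd and the default exists check to list the accounts whose logins would be rejected.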
Issue description
As NixOS provides a non-standard way of locating its user shells, passwd entries from non-local sources are usually broken unless they were specifically made just for NixOS. This means NixOS installations can't properly participate in a network environment with centrally managed users.
The current workaround is to manually create links in /bin.
I can imagine two possible solutions to this. The simple one is to add a module that manages symlinks in /bin for all active, system-wide shells. The tedious, more "pure" Nix-ish way would be to provide an additional PAM module that re-writes the shell part of a passwd entry before attempting to log in.
I would like to get opinions on this before actually attempting a fix as I've read somewhere else there was the plan to get rid of /bin altogether, even including /bin/sh.
Steps to reproduce
/bin/bash or /bin/zsh
Expected result: User logs in and uses shell provided
Actual result: Login failure because of invalid shell
Technical details