22 lines
618 B
Nix
22 lines
618 B
Nix
{ config, ... }:
|
|
let
|
|
cfg = config.services.saslauthd;
|
|
in
|
|
{
|
|
# TODO: This is seemingly required for openldap to authenticate
|
|
# against kerberos, but I have no idea how to configure it as
|
|
# such. Does it need a keytab? There's a binary "testsaslauthd"
|
|
# that follows with `pkgs.cyrus_sasl` that might be useful.
|
|
services.saslauthd = {
|
|
enable = true;
|
|
mechanism = "kerberos5";
|
|
config = ''
|
|
mech_list: gs2-krb5 gssapi
|
|
keytab: /etc/krb5.keytab
|
|
'';
|
|
};
|
|
|
|
# TODO: maybe the upstream module should consider doing this?
|
|
environment.systemPackages = [ cfg.package ];
|
|
}
|