| security.pam.services.<name>.enable | Whether to enable this PAM service.
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| security.pam.services.<name>.zfs | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|