vinzenz/hyperhive
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

weston-vnc: add pam_permit.so for weston service to accept any Apple-DH credentials

Browse source
This commit is contained in:
iris 2026-05-20 19:56:31 +02:00 committed by Mara
parent de2179540a
commit fceab658f4
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nix/templates/weston-vnc.nix
View file

@ -57,6 +57,16 @@
}; };
config = lib.mkIf config.hyperhive.gui.enable { config = lib.mkIf config.hyperhive.gui.enable {
# neatvnc 0.9 always calls the PAM auth callback (weston_authenticate_user)
# for Apple-DH (type 30), regardless of weston.ini auth-method=none.
# pam_permit.so makes the "weston" PAM service accept any credentials,
# so the browser's empty Apple-DH credentials always pass.
security.pam.services.weston.text = ''
auth sufficient pam_permit.so
account sufficient pam_permit.so
session sufficient pam_permit.so
'';
systemd.services.weston = { systemd.services.weston = {
description = "Weston Wayland compositor (VNC backend)"; description = "Weston Wayland compositor (VNC backend)";
after = [ "network.target" ]; after = [ "network.target" ];