From 018072ea221254a449d11e45acba0f4b1f688c9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20P=C3=A4ssler?= Date: Sun, 3 Jan 2021 15:30:08 +0100 Subject: [PATCH] nixos/pam: use pam_faillock instead of pam_tally Fixes #108313 \#107185 removed pam_tally, in favor of pam_faillock (see release notes). --- nixos/modules/security/pam.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index a428103eaa9..1522111dbdd 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -394,7 +394,7 @@ let ${optionalString cfg.requireWheel "auth required pam_wheel.so use_uid"} ${optionalString cfg.logFailures - "auth required pam_tally.so"} + "auth required pam_faillock.so"} ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"} ${optionalString cfg.fprintAuth