From 018072ea221254a449d11e45acba0f4b1f688c9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20P=C3=A4ssler?= <mil@nyantec.com>
Date: Sun, 3 Jan 2021 15:30:08 +0100
Subject: [PATCH] nixos/pam: use pam_faillock instead of pam_tally

Fixes #108313

\#107185 removed pam_tally, in favor of pam_faillock (see release notes).
---
 nixos/modules/security/pam.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index a428103eaa9..1522111dbdd 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -394,7 +394,7 @@ let
           ${optionalString cfg.requireWheel
               "auth required pam_wheel.so use_uid"}
           ${optionalString cfg.logFailures
-              "auth required pam_tally.so"}
+              "auth required pam_faillock.so"}
           ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
               "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
           ${optionalString cfg.fprintAuth