From 5378da25a027f73bbbb25e1d111499f3b7dba2e8 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Thu, 17 Apr 2014 11:35:18 +0200
Subject: [PATCH] Apply pam_loginuid before pam_systemd

As recommended by the pam_systemd manpage.
---
 nixos/modules/security/pam.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 0d205ce07e5..6a5eb4c720f 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -187,6 +187,8 @@ let
 
           # Session management.
           session required pam_unix.so
+          ${optionalString cfg.setLoginUid
+              "session required pam_loginuid.so"}
           ${optionalString cfg.updateWtmp
               "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
           ${optionalString config.users.ldap.enable
@@ -197,8 +199,6 @@ let
               "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
           ${optionalString cfg.startSession
               "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
-          ${optionalString cfg.setLoginUid
-              "session required pam_loginuid.so"}
           ${optionalString cfg.forwardXAuth
               "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
           ${optionalString (cfg.limits != [])