diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-09-22 18:16:22 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-09-22 21:39:05 +0200 |
commit | 4be5fae2da1eb9aafdc2982e1e210ef3b6122899 (patch) | |
tree | 7162b27a54ac058401c43f43dababe95be6772f5 /modules | |
parent | 14f55a2f677e4751c4b1333b5d096a6bc43af40b (diff) | |
download | nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar.gz nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar.bz2 nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar.lz nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar.xz nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.tar.zst nixlib-4be5fae2da1eb9aafdc2982e1e210ef3b6122899.zip |
Log console logins in /var/log/wtmp
Diffstat (limited to 'modules')
-rw-r--r-- | modules/programs/shadow.nix | 2 | ||||
-rw-r--r-- | modules/security/pam.nix | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix index 39359ac4293b..e4310dae986b 100644 --- a/modules/programs/shadow.nix +++ b/modules/programs/shadow.nix @@ -91,7 +91,7 @@ in { name = "groupmod"; rootOK = true; } { name = "groupmems"; rootOK = true; } { name = "groupdel"; rootOK = true; } - { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; } + { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; } ]; security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ]; diff --git a/modules/security/pam.nix b/modules/security/pam.nix index f97e68a171cd..3ef01ea2c179 100644 --- a/modules/security/pam.nix +++ b/modules/security/pam.nix @@ -70,6 +70,8 @@ let limits ? config.security.pam.loginLimits , # Whether to show the message of the day. showMotd ? false + , # Whether to update /var/log/wtmp. + updateWtmp ? false }: { source = pkgs.writeText "${name}.pam" @@ -114,6 +116,8 @@ let # Session management. session required pam_unix.so + ${optionalString updateWtmp + "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} ${optionalString config.users.ldap.enable "session optional ${pam_ldap}/lib/security/pam_ldap.so"} ${optionalString config.krb5.enable |