diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/programs/shadow.nix | 2 | ||||
-rw-r--r-- | modules/security/pam.nix | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix index 39359ac4293b..e4310dae986b 100644 --- a/modules/programs/shadow.nix +++ b/modules/programs/shadow.nix @@ -91,7 +91,7 @@ in { name = "groupmod"; rootOK = true; } { name = "groupmems"; rootOK = true; } { name = "groupdel"; rootOK = true; } - { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; } + { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; } ]; security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ]; diff --git a/modules/security/pam.nix b/modules/security/pam.nix index f97e68a171cd..3ef01ea2c179 100644 --- a/modules/security/pam.nix +++ b/modules/security/pam.nix @@ -70,6 +70,8 @@ let limits ? config.security.pam.loginLimits , # Whether to show the message of the day. showMotd ? false + , # Whether to update /var/log/wtmp. + updateWtmp ? false }: { source = pkgs.writeText "${name}.pam" @@ -114,6 +116,8 @@ let # Session management. session required pam_unix.so + ${optionalString updateWtmp + "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} ${optionalString config.users.ldap.enable "session optional ${pam_ldap}/lib/security/pam_ldap.so"} ${optionalString config.krb5.enable |