From 4be5fae2da1eb9aafdc2982e1e210ef3b6122899 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Sun, 22 Sep 2013 18:16:22 +0200
Subject: Log console logins in /var/log/wtmp

---
 modules/programs/shadow.nix | 2 +-
 modules/security/pam.nix    | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix
index 39359ac4293b..e4310dae986b 100644
--- a/modules/programs/shadow.nix
+++ b/modules/programs/shadow.nix
@@ -91,7 +91,7 @@ in
         { name = "groupmod"; rootOK = true; }
         { name = "groupmems"; rootOK = true; }
         { name = "groupdel"; rootOK = true; }
-        { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; }
+        { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; }
       ];
 
     security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];
diff --git a/modules/security/pam.nix b/modules/security/pam.nix
index f97e68a171cd..3ef01ea2c179 100644
--- a/modules/security/pam.nix
+++ b/modules/security/pam.nix
@@ -70,6 +70,8 @@ let
       limits ? config.security.pam.loginLimits
     , # Whether to show the message of the day.
       showMotd ? false
+    , # Whether to update /var/log/wtmp.
+      updateWtmp ? false
     }:
 
     { source = pkgs.writeText "${name}.pam"
@@ -114,6 +116,8 @@ let
 
           # Session management.
           session required pam_unix.so
+          ${optionalString updateWtmp
+              "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
           ${optionalString config.users.ldap.enable
               "session optional ${pam_ldap}/lib/security/pam_ldap.so"}
           ${optionalString config.krb5.enable
-- 
cgit 1.4.1