12345678910111213141516171819202122232425262728 |
- { config, lib, ... }:
- with lib;
- {
- security.pam.services.login = {
- failDelay.enable = true;
- logFailures = true;
- rules = with config.security.pam.services.login.rules; {
- account.faillock = {
- inherit (auth.faillock) enable;
- args = [];
- inherit (auth.faillock) control;
- inherit (auth.faillock) modulePath;
- order = account.unix.order - 50;
- };
- auth = {
- faillock.args = [ "preauth" ];
- faillock-fail = {
- inherit (auth.faillock) enable;
- args = [ "authfail" ];
- inherit (auth.faillock) control;
- inherit (auth.faillock) modulePath;
- order = auth.unix.order + 50;
- };
- };
- };
- };
- }
|