nixos/pam: use pam_faillock instead of pam_tally

Fixes #108313

\#107185 removed pam_tally, in favor of pam_faillock (see release notes).

1 files changed, 1 insertions, 1 deletions

diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index a428103eaa96..1522111dbddf 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -394,7 +394,7 @@ let
           ${optionalString cfg.requireWheel
               "auth required pam_wheel.so use_uid"}
           ${optionalString cfg.logFailures
-              "auth required pam_tally.so"}
+              "auth required pam_faillock.so"}
           ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
               "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
           ${optionalString cfg.fprintAuth