How to configure login.defs and password quality control settings with PAM?

The title says it all: I tried to find out relevant options with nix option search but wasn’t able to find something that I could use. And similarly, some of the web query trials didn’t give anything relevant (or I just didn’t see it).

I’d like to add e.g. SHA_CRYPT_MIN_ROUNDS and similar MAX value into the login.defs. And add some general purpose configuration like setting the expire dates (max) and add PAM modules for password quality control etc.

Any related blog posts or sections on documentation on how to do these things with NixOs?

Late additions:

I run lynis audit system --quick and I think that the overall score was a bit too low. Some of the suggestions that lynis gives, are probably meaningless on a single user case, or otherwise on a category of a bit naive operations. But there were a whole set of suggestions that were much more important. I’ll open another thread for it.


Same I have just done a scan with Lynis, and I have this issue as well. Have you solved it?

To @winston0410 , Hi, nope, I haven’t been able to work (not really have had any time) at all with this matter, even thou I still find it relevant and interesting.
At this point, I’m just guessing if using another OS to first learn the basics on configuring and operating PAM and then mimicking the current NixOS definitions made for other similar modules as seen on definitions and code, is the only way.