path: root/modules/pam_lastlog/README
diff options
authorSteve Langasek <>2019-01-03 21:22:21 -0800
committerSteve Langasek <>2019-01-03 21:22:45 -0800
commit795badba7f95e737f979917859cd32c9bd47bcad (patch)
tree212a6a00baa11e9d0ca7bc27b12420d1dce6f07c /modules/pam_lastlog/README
parentc55c14c5c6762139ec6695d84ea0e2e917da5264 (diff)
parentba315ae8effdcad591608c99452dad05c4cf20ab (diff)
New upstream version 1.1.8
Diffstat (limited to 'modules/pam_lastlog/README')
1 files changed, 20 insertions, 1 deletions
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index c7149487..38a3065a 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -1,4 +1,5 @@
-pam_lastlog — PAM module to display date of last login
+pam_lastlog — PAM module to display date of last login and perform inactive
+account lock out
@@ -10,6 +11,10 @@ login of the user. In addition, the module maintains the /var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this
module is not necessary.
+If the module is called in the auth or account phase, the accounts that were
+not used recently enough will be disallowed to log in. The check is not
+performed for the root account so the root is never locked out.
@@ -52,6 +57,12 @@ showfailed
Display number of failed login attempts and the date of the last failed
attempt from btmp. The date is not displayed when nodate is specified.
+ This option is specific for the auth or account phase. It specifies the
+ number of days after the last login of the user when the user will be
+ locked out by the module. The default value is 90.
Add the following line to /etc/pam.d/login to display the last login time of an
@@ -60,7 +71,15 @@ user:
session required nowtmp
+To reject the user if he did not login during the previous 50 days the
+following line can be used:
+ auth required inactive=50
pam_lastlog was written by Andrew G. Morgan <>.
+Inactive account lock out added by Tomáš Mráz <>.