diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:22:21 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:22:45 -0800 |
commit | 795badba7f95e737f979917859cd32c9bd47bcad (patch) | |
tree | 212a6a00baa11e9d0ca7bc27b12420d1dce6f07c /modules/pam_lastlog/README | |
parent | c55c14c5c6762139ec6695d84ea0e2e917da5264 (diff) | |
parent | ba315ae8effdcad591608c99452dad05c4cf20ab (diff) |
New upstream version 1.1.8
Diffstat (limited to 'modules/pam_lastlog/README')
-rw-r--r-- | modules/pam_lastlog/README | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README index c7149487..38a3065a 100644 --- a/modules/pam_lastlog/README +++ b/modules/pam_lastlog/README @@ -1,4 +1,5 @@ -pam_lastlog — PAM module to display date of last login +pam_lastlog — PAM module to display date of last login and perform inactive +account lock out ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @@ -10,6 +11,10 @@ login of the user. In addition, the module maintains the /var/log/lastlog file. Some applications may perform this function themselves. In such cases, this module is not necessary. +If the module is called in the auth or account phase, the accounts that were +not used recently enough will be disallowed to log in. The check is not +performed for the root account so the root is never locked out. + OPTIONS debug @@ -52,6 +57,12 @@ showfailed Display number of failed login attempts and the date of the last failed attempt from btmp. The date is not displayed when nodate is specified. +inactive=<days> + + This option is specific for the auth or account phase. It specifies the + number of days after the last login of the user when the user will be + locked out by the module. The default value is 90. + EXAMPLES Add the following line to /etc/pam.d/login to display the last login time of an @@ -60,7 +71,15 @@ user: session required pam_lastlog.so nowtmp +To reject the user if he did not login during the previous 50 days the +following line can be used: + + auth required pam_lastlog.so inactive=50 + + AUTHOR pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. +Inactive account lock out added by Tomáš Mráz <tm@t8m.info>. + |