New upstream version 1.4.0

author: Steve Langasek <steve.langasek@canonical.com> 2020-08-11 14:54:29 -0700
committer: Steve Langasek <steve.langasek@canonical.com> 2020-08-11 14:54:29 -0700
commit: f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch)
tree: dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_lastlog/pam_lastlog.8.xml
parent: 668b13da8f830c38388cecac45539972e80cb246 (diff)
parent: 9e5bea9e146dee574796259ca464ad2435be3590 (diff)
1 files changed, 29 insertions, 2 deletions
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
index 77da9dbc..a2f14fc2 100644
--- a/modules/pam_lastlog/pam_lastlog.8.xml
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
@@ -48,6 +48,9 @@
       <arg choice="opt">
         inactive=&lt;days&gt;
       </arg>
+      <arg choice="opt">
+        unlimited
+      </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -65,10 +68,18 @@
       cases, this module is not necessary.
     </para>
     <para>
+      The module checks <option>LASTLOG_UID_MAX</option> option in
+      <filename>/etc/login.defs</filename> and does not update or display
+      last login records for users with UID higher than its value.
+      If the option is not present or its value is invalid, no user ID
+      limit is applied.
+    </para>
+    <para>
       If the module is called in the auth or account phase, the accounts that
       were not used recently enough will be disallowed to log in. The
       check is not performed for the root account so the root is never
-      locked out.
+      locked out. It is also not performed for users with UID higher
+      than the <option>LASTLOG_UID_MAX</option> value.
     </para>
   </refsect1>
 
@@ -94,6 +105,7 @@
           <para>
             Don't inform the user about any previous login,
             just update the <filename>/var/log/lastlog</filename> file.
+            This option does not affect display of bad login attempts.
           </para>
         </listitem>
       </varlistentry>
@@ -187,6 +199,18 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term>
+          <option>unlimited</option>
+        </term>
+        <listitem>
+          <para>
+	    If the <emphasis>fsize</emphasis> limit is set, this option can be
+	    used to override it, preventing failures on systems with large UID
+	    values that lead lastlog to become a huge sparse file.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -194,7 +218,7 @@
     <title>MODULE TYPES PROVIDED</title>
     <para>
       The <option>auth</option> and <option>account</option> module type
-      allows to lock out users which did not login recently enough.
+      allows one to lock out users who did not login recently enough.
       The <option>session</option> module type is provided for displaying
       the information about the last login and/or updating the lastlog and
       wtmp files.
@@ -292,6 +316,9 @@
     <title>SEE ALSO</title>
     <para>
       <citerefentry>
+	<refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>,
       <citerefentry>
author	Steve Langasek <steve.langasek@canonical.com>	2020-08-11 14:54:29 -0700
committer	Steve Langasek <steve.langasek@canonical.com>	2020-08-11 14:54:29 -0700
commit	f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch)
tree	dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_lastlog/pam_lastlog.8.xml
parent	668b13da8f830c38388cecac45539972e80cb246 (diff)
parent	9e5bea9e146dee574796259ca464ad2435be3590 (diff)