summaryrefslogtreecommitdiff
path: root/modules/pam_lastlog/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_lastlog/README')
-rw-r--r--modules/pam_lastlog/README15
1 files changed, 13 insertions, 2 deletions
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index 38a3065a..c0feca04 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -11,9 +11,14 @@ login of the user. In addition, the module maintains the /var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this
module is not necessary.
+The module checks LASTLOG_UID_MAX option in /etc/login.defs and does not update
+or display last login records for users with UID higher than its value. If the
+option is not present or its value is invalid, no user ID limit is applied.
+
If the module is called in the auth or account phase, the accounts that were
not used recently enough will be disallowed to log in. The check is not
-performed for the root account so the root is never locked out.
+performed for the root account so the root is never locked out. It is also not
+performed for users with UID higher than the LASTLOG_UID_MAX value.
OPTIONS
@@ -24,7 +29,7 @@ debug
silent
Don't inform the user about any previous login, just update the /var/log/
- lastlog file.
+ lastlog file. This option does not affect display of bad login attempts.
never
@@ -63,6 +68,12 @@ inactive=<days>
number of days after the last login of the user when the user will be
locked out by the module. The default value is 90.
+unlimited
+
+ If the fsize limit is set, this option can be used to override it,
+ preventing failures on systems with large UID values that lead lastlog to
+ become a huge sparse file.
+
EXAMPLES
Add the following line to /etc/pam.d/login to display the last login time of an