path: root/modules/pam_lastlog/README
diff options
Diffstat (limited to 'modules/pam_lastlog/README')
1 files changed, 13 insertions, 2 deletions
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index 38a3065a..c0feca04 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -11,9 +11,14 @@ login of the user. In addition, the module maintains the /var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this
module is not necessary.
+The module checks LASTLOG_UID_MAX option in /etc/login.defs and does not update
+or display last login records for users with UID higher than its value. If the
+option is not present or its value is invalid, no user ID limit is applied.
If the module is called in the auth or account phase, the accounts that were
not used recently enough will be disallowed to log in. The check is not
-performed for the root account so the root is never locked out.
+performed for the root account so the root is never locked out. It is also not
+performed for users with UID higher than the LASTLOG_UID_MAX value.
@@ -24,7 +29,7 @@ debug
Don't inform the user about any previous login, just update the /var/log/
- lastlog file.
+ lastlog file. This option does not affect display of bad login attempts.
@@ -63,6 +68,12 @@ inactive=<days>
number of days after the last login of the user when the user will be
locked out by the module. The default value is 90.
+ If the fsize limit is set, this option can be used to override it,
+ preventing failures on systems with large UID values that lead lastlog to
+ become a huge sparse file.
Add the following line to /etc/pam.d/login to display the last login time of an