diff options
Diffstat (limited to 'modules/pam_lastlog/pam_lastlog.8')
-rw-r--r-- | modules/pam_lastlog/pam_lastlog.8 | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8 index 738bd1eb..f21038e7 100644 --- a/modules/pam_lastlog/pam_lastlog.8 +++ b/modules/pam_lastlog/pam_lastlog.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_lastlog .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/18/2017 +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 06/08/2020 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_LASTLOG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -31,7 +31,7 @@ pam_lastlog \- PAM module to display date of last login and perform inactive account lock out .SH "SYNOPSIS" .HP \w'\fBpam_lastlog\&.so\fR\ 'u -\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>] +\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>] [unlimited] .SH "DESCRIPTION" .PP pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the @@ -40,7 +40,15 @@ file\&. .PP Some applications may perform this function themselves\&. In such cases, this module is not necessary\&. .PP -If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. +The module checks +\fBLASTLOG_UID_MAX\fR +option in +/etc/login\&.defs +and does not update or display last login records for users with UID higher than its value\&. If the option is not present or its value is invalid, no user ID limit is applied\&. +.PP +If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. It is also not performed for users with UID higher than the +\fBLASTLOG_UID_MAX\fR +value\&. .SH "OPTIONS" .PP \fBdebug\fR @@ -52,7 +60,7 @@ Print debug information\&. .RS 4 Don\*(Aqt inform the user about any previous login, just update the /var/log/lastlog -file\&. +file\&. This option does not affect display of bad login attempts\&. .RE .PP \fBnever\fR @@ -98,13 +106,20 @@ is specified\&. .RS 4 This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&. .RE +.PP +\fBunlimited\fR +.RS 4 +If the +\fIfsize\fR +limit is set, this option can be used to override it, preventing failures on systems with large UID values that lead lastlog to become a huge sparse file\&. +.RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR and \fBaccount\fR -module type allows to lock out users which did not login recently enough\&. The +module type allows one to lock out users who did not login recently enough\&. The \fBsession\fR module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files\&. .SH "RETURN VALUES" @@ -171,6 +186,7 @@ Lastlog logging file .RE .SH "SEE ALSO" .PP +\fBlimits.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) |