1 files changed, 23 insertions, 7 deletions

diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
index 738bd1eb..f21038e7 100644
--- a/modules/pam_lastlog/pam_lastlog.8
+++ b/modules/pam_lastlog/pam_lastlog.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_lastlog
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LASTLOG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pam_lastlog \- PAM module to display date of last login and perform inactive account lock out
 .SH "SYNOPSIS"
 .HP \w'\fBpam_lastlog\&.so\fR\ 'u
-\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>]
+\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>] [unlimited]
 .SH "DESCRIPTION"
 .PP
 pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the
@@ -40,7 +40,15 @@ file\&.
 .PP
 Some applications may perform this function themselves\&. In such cases, this module is not necessary\&.
 .PP
-If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&.
+The module checks
+\fBLASTLOG_UID_MAX\fR
+option in
+/etc/login\&.defs
+and does not update or display last login records for users with UID higher than its value\&. If the option is not present or its value is invalid, no user ID limit is applied\&.
+.PP
+If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. It is also not performed for users with UID higher than the
+\fBLASTLOG_UID_MAX\fR
+value\&.
 .SH "OPTIONS"
 .PP
 \fBdebug\fR
@@ -52,7 +60,7 @@ Print debug information\&.
 .RS 4
 Don\*(Aqt inform the user about any previous login, just update the
 /var/log/lastlog
-file\&.
+file\&. This option does not affect display of bad login attempts\&.
 .RE
 .PP
 \fBnever\fR
@@ -98,13 +106,20 @@ is specified\&.
 .RS 4
 This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&.
 .RE
+.PP
+\fBunlimited\fR
+.RS 4
+If the
+\fIfsize\fR
+limit is set, this option can be used to override it, preventing failures on systems with large UID values that lead lastlog to become a huge sparse file\&.
+.RE
 .SH "MODULE TYPES PROVIDED"
 .PP
 The
 \fBauth\fR
 and
 \fBaccount\fR
-module type allows to lock out users which did not login recently enough\&. The
+module type allows one to lock out users who did not login recently enough\&. The
 \fBsession\fR
 module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files\&.
 .SH "RETURN VALUES"
@@ -171,6 +186,7 @@ Lastlog logging file
 .RE
 .SH "SEE ALSO"
 .PP
+\fBlimits.conf\fR(5),
 \fBpam.conf\fR(5),
 \fBpam.d\fR(5),
 \fBpam\fR(8)