|
Server : Apache System : Linux srv.rainic.com 4.18.0-553.47.1.el8_10.x86_64 #1 SMP Wed Apr 2 05:45:37 EDT 2025 x86_64 User : rainic ( 1014) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /usr/share/doc/pam/html/ |
Upload File : |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>6.14. pam_lastlog - display date of last login</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_keyinit.html" title="6.13. pam_keyinit - display the keyinit file"><link rel="next" href="sag-pam_limits.html" title="6.15. pam_limits - limit resources"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.14. pam_lastlog - display date of last login</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_keyinit.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_limits.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_lastlog"></a>6.14. pam_lastlog - display date of last login</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_lastlog.so</code> [
debug
] [
silent
] [
never
] [
nodate
] [
nohost
] [
noterm
] [
nowtmp
] [
noupdate
] [
showfailed
] [
inactive=<days>
] [
unlimited
]</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-description"></a>6.14.1. DESCRIPTION</h3></div></div></div><p>
pam_lastlog is a PAM module to display a line of information
about the last login of the user. In addition, the module maintains
the <code class="filename">/var/log/lastlog</code> file.
</p><p>
Some applications may perform this function themselves. In such
cases, this module is not necessary.
</p><p>
If the module is called in the auth or account phase, the accounts that
were not used recently enough will be disallowed to log in. The
check is not performed for the root account so the root is never
locked out.
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-options"></a>6.14.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
Print debug information.
</p></dd><dt><span class="term">
<code class="option">silent</code>
</span></dt><dd><p>
Don't inform the user about any previous login,
just update the <code class="filename">/var/log/lastlog</code> file.
This option does not affect display of bad login attempts.
</p></dd><dt><span class="term">
<code class="option">never</code>
</span></dt><dd><p>
If the <code class="filename">/var/log/lastlog</code> file does
not contain any old entries for the user, indicate that
the user has never previously logged in with a welcome
message.
</p></dd><dt><span class="term">
<code class="option">nodate</code>
</span></dt><dd><p>
Don't display the date of the last login.
</p></dd><dt><span class="term">
<code class="option">noterm</code>
</span></dt><dd><p>
Don't display the terminal name on which the
last login was attempted.
</p></dd><dt><span class="term">
<code class="option">nohost</code>
</span></dt><dd><p>
Don't indicate from which host the last login was
attempted.
</p></dd><dt><span class="term">
<code class="option">nowtmp</code>
</span></dt><dd><p>
Don't update the wtmp entry.
</p></dd><dt><span class="term">
<code class="option">noupdate</code>
</span></dt><dd><p>
Don't update any file.
</p></dd><dt><span class="term">
<code class="option">showfailed</code>
</span></dt><dd><p>
Display number of failed login attempts and the date of the
last failed attempt from btmp. The date is not displayed
when <code class="option">nodate</code> is specified.
</p></dd><dt><span class="term">
<code class="option">inactive=<days></code>
</span></dt><dd><p>
This option is specific for the auth or account phase. It
specifies the number of days after the last login of the user
when the user will be locked out by the module. The default
value is 90.
</p></dd><dt><span class="term">
<code class="option">unlimited</code>
</span></dt><dd><p>
If the <span class="emphasis"><em>fsize</em></span> limit is set, this option can be
used to override it, preventing failures on systems with large UID
values that lead lastlog to become a huge sparse file.
</p></dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-types"></a>6.14.3. MODULE TYPES PROVIDED</h3></div></div></div><p>
The <code class="option">auth</code> and <code class="option">account</code> module type
allows to lock out users which did not login recently enough.
The <code class="option">session</code> module type is provided for displaying
the information about the last login and/or updating the lastlog and
wtmp files.
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-return_values"></a>6.14.4. RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
Everything was successful.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
Internal service module error.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
User locked out in the auth or account phase due to
inactivity.
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
There was an error during reading the lastlog file
in the auth or account phase and thus inactivity
of the user cannot be determined.
</p></dd></dl></div><p>
</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-examples"></a>6.14.5. EXAMPLES</h3></div></div></div><p>
Add the following line to <code class="filename">/etc/pam.d/login</code> to
display the last login time of an user:
</p><pre class="programlisting">
session required pam_lastlog.so nowtmp
</pre><p>
To reject the user if he did not login during the previous 50 days
the following line can be used:
</p><pre class="programlisting">
auth required pam_lastlog.so inactive=50
</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-author"></a>6.14.6. AUTHOR</h3></div></div></div><p>
pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>.
</p><p>
Inactive account lock out added by Tomáš Mráz <tm@t8m.info>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_keyinit.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_limits.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.13. pam_keyinit - display the keyinit file </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.15. pam_limits - limit resources</td></tr></table></div></body></html>