author | Lorry Tar Creator <lorry-tar-importer@baserock.org> | 2013-09-19 09:33:00 +0000 |
---|---|---|
committer | <> | 2014-11-13 09:36:22 +0000 |
commit | b1521c97e73b10469f7b34c0571d51c647eca83c (patch) | |
tree | 212a6a00baa11e9d0ca7bc27b12420d1dce6f07c /modules/pam_lastlog/README | |
parent | 6e36ca00ed774a7c5b2f2322c96b023999b733a4 (diff) | |
download | linux-pam-b1521c97e73b10469f7b34c0571d51c647eca83c.tar.gz |
Imported from /home/lorry/working-area/delta_linux-pam/Linux-PAM-1.1.8.tar.bz2.
Refs: HEAD, Linux-PAM-1.1.8, master
Diffstat (limited to 'modules/pam_lastlog/README')
-rw-r--r-- | modules/pam_lastlog/README | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README index c714948..38a3065 100644 --- a/modules/pam_lastlog/README +++ b/modules/pam_lastlog/README @@ -1,4 +1,5 @@ -pam_lastlog — PAM module to display date of last login +pam_lastlog — PAM module to display date of last login and perform inactive +account lock out ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @@ -10,6 +11,10 @@ login of the user. In addition, the module maintains the /var/log/lastlog file. Some applications may perform this function themselves. In such cases, this module is not necessary. +If the module is called in the auth or account phase, the accounts that were +not used recently enough will be disallowed to log in. The check is not +performed for the root account so the root is never locked out. + OPTIONS debug @@ -52,6 +57,12 @@ showfailed Display number of failed login attempts and the date of the last failed attempt from btmp. The date is not displayed when nodate is specified. +inactive=<days> + + This option is specific for the auth or account phase. It specifies the + number of days after the last login of the user when the user will be + locked out by the module. The default value is 90. + EXAMPLES Add the following line to /etc/pam.d/login to display the last login time of an @@ -60,7 +71,15 @@ user: session required pam_lastlog.so nowtmp +To reject the user if he did not login during the previous 50 days the +following line can be used: + + auth required pam_lastlog.so inactive=50 + + AUTHOR pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. +Inactive account lock out added by Tomáš Mráz <tm@t8m.info>. + |
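Review bot: In the description paragraph added at @@ -10,6 +11,10 @@, "the accounts that were not used recently enough" leaves two cases undefined: an account that has no lastlog record at all because it has never logged in, and whether "the root account" means the user named root or any account with uid 0. Both decide who gets locked out, so the text should state them explicitly. A pointer to the inactive option would also help here, since this paragraph is where a reader first learns that using the module in auth or account can deny logins.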
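Review bot: In the inactive=<days> entry added at @@ -52,6 +57,12 @@, "The default value is 90" does not say whether that default applies when the option is omitted. Read together with the new description paragraph, placing pam_lastlog in the auth or account stack with no options would reject accounts idle for more than 90 days, and an administrator should be told that in so many words. The entry should also say how 0 or a non-numeric value is treated and whether any value disables the check.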
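Review bot: The example added at @@ -60,7 +71,15 @@, "auth required pam_lastlog.so inactive=50", does not name the file it belongs in, while the session example just above it names /etc/pam.d/login. Name the service file, and consider showing the account variant too, since the description allows both phases. On wording, "if he did not login during the previous 50 days" would read better as "a user who has not logged in during the previous 50 days".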