Home > Articles > Programming > Android

  • Print
  • + Share This

Using pam_lastlog

This module provides the capability of displaying the last time-logged-in message and the You have new mail message as module type auth and session, respectively. The former is of greater concern than the latter, as it gives away information about the computing environment. Fortunately, pam_lastlog gives you control over what is displayed.

The pam_lastlog module may operate in either module type auth or session. As an auth module it serves the purpose of controlling lastlog (see One Other Command on page 153 of Chapter 7 for more details) displays after a user login. In this mode it takes the arguments listed in Table 5.13. To use this module, simply put a record similar to the following line in all appropriate /etc/pam.d configuration files (e.g., login, rlogin, rsh).

Auth  optional  /lib/security/pam_lastlog.so nohost

Table 5.13 Arguments of pam_lastlog as Module Type auth

Argument

Description

Debug

Provides verbose output to syslog.

Nodate

Suppresses the display of the date of last login by this user.

Noterm

Suppresses the display of the terminal name used in the last login of this user.

Nohost

Suppresses the display of the host from which this user last logged in. By utilizing this argument, hostnames in your environment are not disclosed.

Silent

Suppresses the entire lastlog message.

Never

If the user has never logged in before, this will cause a welcome message to be displayed.


Notice the optional control flag. If you use required instead, no one will be able to log in! You also probably want to put this line last in your auth stack. In this example, the lastlog message will be displayed, but no previous host information will be shown.

As a session module, pam_lastlog informs the user about electronic mail. It takes no arguments and once again must use the optional control flag. Here is a sample entry:

session optional /lib/security/pam_lastlog.so

Once again, make sure that this entry appears in each appropriate /etc/pam.d configuration file.

NOTE

Another application may display lastlog or e-mail information after the PAM authentication steps are complete. Any such applications would obviate the configu-ration of pam_lastlog.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.