[arch-general] Login Statistics Similar to Centos

brent s. bts at square-r00t.net
Fri Sep 1 18:26:24 UTC 2017

On 09/01/2017 02:11 PM, William Gathoye wrote:
> On 08/30/2017 12:19 AM, Leonid Isaev via arch-general wrote:
>> man 8 pam_lastlog
> For your kind info, calling pam_lastlog.so like described in the man
> pages is segfaulting on my side.
> $ /usr/lib/security/pam_lastlog.so
> Segmentation fault (core dumped)
> I cannot debug further since it hasn't been build with gdb debug
> symbols, but this is likely to this issue. [1]
> [1] https://www.redhat.com/archives/pam-list/2014-August/msg00003.html

You don't execute pam_lastlog.so directly.

[root at centos7test pam.d]# pwd
[root at centos7test pam.d]# cat login
auth [user_unknown=ignore success=ok ignore=ignore default=bad]
auth       substack     system-auth
***auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed
in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
***session    include      postlogin
-session   optional     pam_ck_connector.so

(*** prefixed for emphasis. Do not actually put those in a pam config.)

[root at centos7test pam.d]# cat postlogin
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm*
service !~ su* quiet
***session     [default=1]   pam_lastlog.so nowtmp showfailed
***session     optional      pam_lastlog.so silent noupdate showfailed

(*** prefixed for emphasis. Do not actually put those in a pam config.)

As shown, pam is calling the pam_lastlog.so object (which is why you
can't execute it; it's not an executable, it's a Shared Object).

To do this over SSH, /etc/ssh/sshd_config has UsePam yes (and
PrintLastLog yes is enabled by default)

brent saner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170901/43b4d968/attachment.asc>

More information about the arch-general mailing list