Bug 161956
| Summary: | pam documentation does not seem to correspond to reality - pam_mail | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michal Jaegermann <michal> |
| Component: | pam | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-06-29 10:43:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
There is only one real bug in your report and that is the difference between FC-4 and devel (it should work for both normal user and root and not only root). You should put pam_mail to both /etc/pam.d/login and sshd files if you want the notification for console logins and ssh logins. The bug I mentioned is actually regression in openssh which was introduced by me in last openssh build and it will be fixed in the next devel update. Fixed in openssh-4.1p1-3, thank you for the report. > There is only one real bug in your report ... What about quoted claims from 'man login'? At least a note that this is now delegated to PAM is missing. > Fixed in openssh-4.1p1-3 Thanks! There is still something in the whole caboodle which semms to be "unexpected" but I may return to that once I will have sshd behaviour fixed. |
Description of problem: I want to have a loging check for mail performed. In particular also when loging over ssh to a remote machine. 'man login' claims: Last, if this is not a "quiet" login, the message of the day is printed and the file with the user's name in /var/spool/mail will be checked, and a message printed if it has non-zero length. This does not seem to be really the case. OK, so now PAM handles login and 'pam.txt' mentions 'pam_mail' module and it says: This module provides the ``you have new mail'' service to the user. It can be plugged into any application that has credential hooks. .... Adding a line like session optional pam_mail.so to /etc/pam.d/login indeed makes mail check operational for local logins (seeting aside a question if now it can be turned off for specific accounts) but not for ssh. Well, the same like in /etc/pam.d/sshd make that work but _only_ when loging over ssh to a root account (a dubious usefulness and it may be even disallowed on production systems). Curiously enough this is fine for non-root accounts on FC4 system but /etc/pam.d/sshd is there somewhat different. The same 'pam.txt' also claims there there exist 'debug' flag such that: debug - write more information to syslog(3) but this seems to be totally ineffective. What gives and how to restore a desired functionality? BTW - on the first blush one would think that 'pam_mail' line should be added to /etc/pam.d/system-auth. But there is 'authconfig' warning there and there is no option in 'authconfig' to turn such function on and when such line is added there, and only there, anyway then for some reasons I see "You have mail ..." twice. Version-Release number of selected component (if applicable): pam-0.79-10