Bug 696731
| Summary: | display failed login attempts | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Steve Grubb <sgrubb> |
| Component: | util-linux-ng | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED ERRATA | QA Contact: | qe-baseos-daemons |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.1 | CC: | azelinka, jmarko, kvolny, rvokal, tmraz |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 17:10:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 744245 | ||
| Bug Blocks: | |||
|
Description
Steve Grubb
2011-04-14 18:07:00 UTC
My proposal for the solution is: 1. Do not do the printout of the Last login:..... message in the login code if /etc/hushlogin file is present. 2. Document the possibility to modify the PAM configuration for login so that the following line is added. session required pam_lastlog.so noupdate showfailed This allows us to not modify the login behavior for existing installs. And the customers that need to have the message about failed login attempts displayed can add the hushlogin file and modify the PAM configuration according to the documentation. I agree with Tom's proposal. All we need is to add support for /etc/hushlogin to login(1). That's trivial change. (In reply to comment #5) > 2. Document the possibility to modify the PAM configuration for login so that > the following line is added. > session required pam_lastlog.so noupdate showfailed there is a little problem with this ... when present without /etc/hushlogins or ~/.hushlogin, the "Last login" message is printed twice the question is, are we okay with such behaviour? (In reply to comment #11) > (In reply to comment #5) > > 2. Document the possibility to modify the PAM configuration for login so that > > the following line is added. > > session required pam_lastlog.so noupdate showfailed > > there is a little problem with this ... when present without /etc/hushlogins or > ~/.hushlogin, the "Last login" message is printed twice This is exactly reason why "/etc/hushlogins" has been added ;-) If you want to print the messages by PAM then you have to switch login(1) to hushed mode (by the hushlogin file). > the question is, are we okay with such behaviour? Yes. (In reply to comment #12) > (In reply to comment #11) > > (In reply to comment #5) > > > 2. Document the possibility to modify the PAM configuration for login so that > > > the following line is added. > > > session required pam_lastlog.so noupdate showfailed > > > > there is a little problem with this ... when present without /etc/hushlogins or > > ~/.hushlogin, the "Last login" message is printed twice > > This is exactly reason why "/etc/hushlogins" has been added ;-) If you want to > print the messages by PAM then you have to switch login(1) to hushed mode (by > the hushlogin file). "If you want to print the messages by PAM then ..." - I read this as "If you want to print the messages *only* by PAM then ..." but the problem is that 'hushlogin' feature disables also MOTD, while PAM doesn't care about MOTD > > the question is, are we okay with such behaviour? > > Yes. ok, twice is better than never :-) so, I can switch this to VERIFIED once bug #744245 is resolved Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1691.html |