Red Hat Bugzilla – Bug 1285547
[RFE] pam_lastlog unable to reset locked account
Last modified: 2016-11-03 23:41:08 EDT
Description of problem:
When a system is configured to use pam_lastlog to lock inactive accounts, there doesn't appear to be a designed way to unlock or reset the account without changing the configuration or deleting the lastlog file.
It would be very helpful to have a utility that can reset the lastlog entry for a specified user leaving other system users untouched. The utility should also record an audit event (AUDIT_ACCT_UNLOCK) when performing the action.
I'm currently planning to implement this functionality in the lastlog utility of shadow-utils.
The build shadow-utils-4.2.1-6.fc24 in Rawhide contains lastlog command with the functionality added including the auditing.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.