Red Hat Bugzilla – Bug 161956
pam documentation does not seem to correspond to reality - pam_mail
Last modified: 2007-11-30 17:11:09 EST
Description of problem:
I want to have a loging check for mail performed. In particular also when
loging over ssh to a remote machine. 'man login' claims:
Last, if this is not a "quiet" login, the message of the day is printed
and the file with the user's name in /var/spool/mail will be checked,
and a message printed if it has non-zero length.
This does not seem to be really the case. OK, so now PAM handles login
and 'pam.txt' mentions 'pam_mail' module and it says:
This module provides the ``you have new mail'' service to the
user. It can be plugged into any application that has credential
Adding a line like
session optional pam_mail.so
to /etc/pam.d/login indeed makes mail check operational for local logins
(seeting aside a question if now it can be turned off for specific accounts)
but not for ssh. Well, the same like in /etc/pam.d/sshd make that work but
_only_ when loging over ssh to a root account (a dubious usefulness and it
may be even disallowed on production systems). Curiously enough this
is fine for non-root accounts on FC4 system but /etc/pam.d/sshd is there
The same 'pam.txt' also claims there there exist 'debug' flag such that:
debug - write more information to syslog(3)
but this seems to be totally ineffective.
What gives and how to restore a desired functionality?
BTW - on the first blush one would think that 'pam_mail' line should
be added to /etc/pam.d/system-auth. But there is 'authconfig' warning
there and there is no option in 'authconfig' to turn such function on
and when such line is added there, and only there, anyway then for
some reasons I see "You have mail ..." twice.
Version-Release number of selected component (if applicable):
There is only one real bug in your report and that is the difference between
FC-4 and devel (it should work for both normal user and root and not only root).
You should put pam_mail to both /etc/pam.d/login and sshd files if you want the
notification for console logins and ssh logins.
The bug I mentioned is actually regression in openssh which was introduced by me
in last openssh build and it will be fixed in the next devel update.
Fixed in openssh-4.1p1-3, thank you for the report.
> There is only one real bug in your report ...
What about quoted claims from 'man login'? At least a note that this
is now delegated to PAM is missing.
> Fixed in openssh-4.1p1-3
Thanks! There is still something in the whole caboodle which semms to
be "unexpected" but I may return to that once I will have sshd behaviour