161956 – pam documentation does not seem to correspond to reality - pam_mail

Bug 161956 - pam documentation does not seem to correspond to reality - pam_mail

Summary: pam documentation does not seem to correspond to reality - pam_mail

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-06-28 18:42 UTC by Michal Jaegermann
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-06-29 10:43:58 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michal Jaegermann 2005-06-28 18:42:31 UTC

Description of problem:

I want to have a loging check for mail performed.  In particular also when
loging over ssh to a remote machine.  'man login' claims:

       Last, if this is not a "quiet" login, the message of the day is printed
       and the file with the user's name in /var/spool/mail will  be  checked,
       and a message printed if it has non-zero length.

This does not seem to be really the case.  OK, so now PAM handles login
and 'pam.txt' mentions 'pam_mail' module and it says:

        This module provides the ``you have new mail'' service to the
        user. It can be plugged into any application that has credential
        hooks.
        ....
        
Adding a line like

        session  optional pam_mail.so

to /etc/pam.d/login indeed makes mail check operational for local logins
(seeting aside a question if now it can be turned off for specific accounts)
but not for ssh.  Well, the same like in /etc/pam.d/sshd make that work but
_only_ when loging over ssh to a root account (a dubious usefulness and it
may be even disallowed on production systems).  Curiously enough this
is fine for non-root accounts on FC4 system but /etc/pam.d/sshd is there
somewhat different.

The same 'pam.txt' also claims there there exist 'debug' flag such that:

            debug - write more information to syslog(3)

but this seems to be totally ineffective.

What gives and how to restore a desired functionality?

BTW - on the first blush one would think that 'pam_mail' line should
be added to /etc/pam.d/system-auth.  But there is 'authconfig' warning
there and there is no option in 'authconfig' to turn such function on
and when such line is added there, and only there, anyway then for
some reasons I see "You have mail ..." twice.

Version-Release number of selected component (if applicable):
pam-0.79-10

Comment 1 Tomas Mraz 2005-06-29 10:43:58 UTC

There is only one real bug in your report and that is the difference between
FC-4 and devel (it should work for both normal user and root and not only root).

You should put pam_mail to both /etc/pam.d/login and sshd files if you want the
notification for console logins and ssh logins.

The bug I mentioned is actually regression in openssh which was introduced by me
in last openssh build and it will be fixed in the next devel update.

Comment 2 Tomas Mraz 2005-06-29 11:25:13 UTC

Fixed in openssh-4.1p1-3, thank you for the report.

Comment 3 Michal Jaegermann 2005-06-29 17:04:34 UTC

> There is only one real bug in your report ...

What about quoted claims from 'man login'?  At least a note that this
is now delegated to PAM is missing.

> Fixed in openssh-4.1p1-3

Thanks!  There is still something in the whole caboodle which semms to
be "unexpected" but I may return to that once I will have sshd behaviour
fixed.

Note You need to log in before you can comment on or make changes to this bug.