inactive option not working for pam_lastlog.so

Server Fault Asked by Jakov Sosic on August 5, 2020

I’m trying to set up my system to lock out inactive users after 10 days. I’m using CentOS 6.x, and looking at the RHEL manual, this is what I found:

To lock out an account after 10 days of inactivity, add, as root,
the following line to the auth section of the /etc/pam.d/login file:
auth  required  pam_lastlog.so inactive=10

So, this is my /etc/pam.d/login :

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
auth       required     pam_lastlog.so inactive=10
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so

I log in through ssh as a user, and log out.

After that I set the time 1 year in the future, as root logged in on TTY1:

# date --set "...."
# hwclock --systohc

I even reboot the VM, but still, when it gets back, I’m able to log in as user through ssh.

Any ideas what I am doing wrong here?

One Answer

I even reboot the VM, but still, when it gets back, I'm able to log in as user through ssh.

Apples and oranges. You're editing the login file, but you're performing tests against sshd. The sshd daemon calls the PAM library directly with a service name of sshd, thus the identically named file is used.

In the event that you were not aware that the login file maps to authentication attempts by an actual command named login (which is invoked by your getty), man login is recommended reading material.

Answered by Andrew B on August 5, 2020
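
A check for the mismatch the answer describes, as an added example that is not part of the original question or answer: it resolves the effective auth stack of one PAM service file, following include/substack lines, and reports whether pam_lastlog.so with inactive= is in it. The function names, the temporary directory and the file contents are constructed for illustration; on a real host the directory argument would be /etc/pam.d.

```shell
#!/bin/sh
# Added example; all file contents below are constructed sample data.

# pam_auth_stack DIR SERVICE
# Print the effective "auth" entries for SERVICE as "file: module args",
# following include/substack lines (as login pulls in system-auth).
pam_auth_stack() {
    awk -v dir="$1" -v svc="$2" '
    function walk(name,    file, line, f, n, i, out) {
        if (name in active) return          # guard against include loops
        active[name] = 1
        file = dir "/" name
        while ((getline line < file) > 0) {
            sub(/#.*/, "", line)            # drop comments (and #%PAM-1.0)
            n = split(line, f)
            if (n < 3) continue
            sub(/^-/, "", f[1])             # "-auth": quiet if module is missing
            if (f[1] != "auth") continue
            i = 2                           # skip a bracketed [a=b ...] control
            if (f[2] ~ /^\[/) while (i < n && f[i] !~ /\]$/) i++
            if (f[2] == "include" || f[2] == "substack") { walk(f[3]); continue }
            out = name ":"
            while (++i <= n) out = out " " f[i]
            print out
        }
        close(file)
        delete active[name]
    }
    BEGIN { walk(svc) }'
}

# pam_inactive_enforced DIR SERVICE
# Succeed only if that stack calls pam_lastlog.so with inactive=N.
pam_inactive_enforced() {
    pam_auth_stack "$1" "$2" | grep -Eq 'pam_lastlog\.so( .*)? inactive=[0-9]+'
}

# Constructed demo: login carries the option (as in the question), sshd does not.
d=$(mktemp -d)
printf 'auth required pam_env.so\nauth sufficient pam_unix.so\n' > "$d/system-auth"
cp "$d/system-auth" "$d/password-auth"
printf 'auth include system-auth\nauth required pam_lastlog.so inactive=10\n' > "$d/login"
printf 'auth required pam_sepermit.so\nauth include password-auth\n' > "$d/sshd"
for s in login sshd; do
    if pam_inactive_enforced "$d" "$s"; then echo "$s: inactive= enforced"
    else echo "$s: inactive= NOT enforced"; fi
done
```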
