PAM and utmp
 

Hi folks,

well, I did some searches on this already, but without success, so I
thought I'd ask here. Following issue:

I have the strong feeling that my ~x86 Gentoo box no longer seems to
record "local" logins into /var/run/utmp. When I use screen or login via
ssh, everything works fine, but I can do millions of local, non-X11
plain vanilla terminal logins without ever seeing anything when running
"who" or "w". And I have the feeling that this used to work in the past.

Now, what do I know, I tried to trace the problem down a bit. My
/var/run/utmp seems absolutely fine structure- and permission-wise. So I
had a look at the sources of /bin/login, because I believed that this
little guy actually writes to utmp entry when I login. That assumption
seemed to be wrong, however, since in cases where PAM is used (which is
the case here), /bin/login no longer seems to be responsible for that,
but instead it is handled by PAM. At least it looks so in the source.

Interestingly, I found a man page for the PAM module "pam_lastlog.so" on
the web which states that this modul would create the utmp entry. The
pam_lastlog man page on my local system only mentions /var/log/lastlog
and wtmp - nothing about utmp. So ... I have pam_lastlog in use here but
it in fact doesn't seem to make a difference utmp-wise. Is it possible
that the module *used* to do utmp stuff but no longer does today?

Some further searching revealed another PAM module called
"pam_loginuid", which, according to its man page, "sets the loginuid
process attribute for the process that was authenticated" and should be
used for "entry point applications like login". Aha. Tried that. Didn't
seem to do anything. Now I really wonder who on earth is really
responsible to record my login this days. ;-)

Am I the only thing seeing this, or can somebody confirm this? Any hints
would be greatly appreciated!

Thanks and greetings,
Nils


--
Nils Holland * Ti Systems, Wunstorf-Luthe (Germany)
Our Gentoo mirror: http://rush.tisys.org/ (IPv4 + IPv6)
Powered by GNU/Linux since 1998

PAM and utmp
 

On 22:37 Fri 17 Feb , Nils Holland wrote:

> I have the strong feeling that my ~x86 Gentoo box no longer seems to
> record "local" logins into /var/run/utmp. When I use screen or login via
> ssh, everything works fine, but I can do millions of local, non-X11
> plain vanilla terminal logins without ever seeing anything when running
> "who" or "w". And I have the feeling that this used to work in the past.

Replying to myself here, but...:

Obviously, /bin/login is responsible for handling utmp entries even when
PAM is in used, and the upstream maintainer disabled this in the
shadow-4.1.5 release (I could verify that it worked in shadow-4.1.4.3).
The issue seems to be known already, however, and should be fixed soon,
as can be seen at:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659957

That's enough for me to know then, I'll just wait for a new release of
"shadow", which will make it work again. I still thought I'd post this
follow-up here, in case anyone else stumbles over this issue. ;-)

Greetings,
Nils


--
Nils Holland * Ti Systems, Wunstorf-Luthe (Germany)
Our Gentoo mirror: http://rush.tisys.org/ (IPv4 + IPv6)
Powered by GNU/Linux since 1998