On Tue, 2012-04-17 at 18:52 +0400, Dmitry V. Levin wrote:
On Thu, Apr 12, 2012 at 08:36:01PM +0200, Tomas Mraz wrote:
> The attached patch adds auth and account types to the pam_lastlog
> module. The module will then provide possibility to lock out users that
> did not log-in (based on the lastlog file contents) recently enough.
If I read the code right, it is going to be lock out after 90 days of
inactivity by default, which is a change in behavior. Wouldn't it be
better to activate this new feature only when inactive= option is
specified?
This is no change in behavior as pam_lastlog could never be used in auth
or account phase before as it did not implement the callbacks for auth
and account.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb