<refnamediv id="pam_lastlog-name">
<refname>pam_lastlog</refname>
- <refpurpose>PAM module to display date of last login</refpurpose>
+ <refpurpose>PAM module to display date of last login and perform inactive account lock out</refpurpose>
</refnamediv>
<refsynopsisdiv>
Some applications may perform this function themselves. In such
cases, this module is not necessary.
</para>
+ <para>
+ If the module is called in the auth or account phase, the accounts that
+ were not used recently enough will be disallowed to log in. The
+ check is not performed for the root account so the root is never
+ locked out.
+ </para>
</refsect1>
<refsect1 id="pam_lastlog-options">
uid = pwd->pw_uid;
pwd = NULL; /* tidy up */
+ if (uid == 0)
+ return PAM_SUCCESS;
/* obtain the last login date and all the relevant info */
last_fd = last_login_open(pamh, ctrl, uid);