danmcd
commented
8 years ago Will pull this in after I merge a 6057-integrated illumos-gate into illumos-omnios.
Closed lotheac closed 8 years ago
danmcd
commented
8 years ago Will pull this in after I merge a 6057-integrated illumos-gate into illumos-omnios.
danmcd
commented
8 years ago Actually, one question --> does Joyent --disable-lastlog? It seems to be a NOP because of PAM, so why include it?
lotheac
commented
8 years ago On Mon, Nov 30 2015 04:36:12 -0800, Dan McDonald wrote:
Actually, one question --> does Joyent --disable-lastlog? It seems to be a NOP because of PAM, so why include it?
They do: https://github.com/joyent/illumos-extra/blob/master/openssh/Makefile#L46
It isn't really a no-op. If you don't --disable-lastlog, OpenSSH will use lastlog.h to generate code with which to update and read lastlog by itself, which we do not want if pam_unix_session handles these tasks.
To be fair, maybe the lastlogin patch should do it by itself, but it doesn't.
Lauri Tirkkonen | lotheac @ IRCnet
danmcd
commented
8 years ago Thanks. Stay tuned.
lotheac
commented
8 years ago Rebased as you asked. Turns out you already pulled in the patches making this PR pretty trivial.
lotheac
commented
8 years ago Just a reminder to pull this in now that you've merged the lastlog stuff into illumos-omnios.
This should be applied to make OpenSSH's last login messages work correctly after the fix for https://www.illumos.org/issues/6057 (although since they don't currently work correctly with UsePAM yes, it won't hurt much to apply this beforehand either if you want).
The PAM patch does mean that UsePAM is always enabled, but I don't think that's a problem.