Date: Sat, 26 Jun 2010 22:30:29 -0500 From: Martin McCormick <martin@dc.cis.okstate.edu> To: freebsd-questions@freebsd.org Subject: Running an Old Kernel Solved. Message-ID: <201006270330.o5R3UT4r056839@dc.cis.okstate.edu>
next in thread | raw e-mail | index | archive | help
There is a /etc/pam.d and a /usr/local/etc/pam.d. /etc/pam.d has no sudo file in it but /usr/local/etc/pam.d does. I had never edited that file before but it seems to change slightly in 2007. The sudo file on the system that did not display the "last login" message has a modification date of December 20, 2007 and sudo, itself also has that date. Here is that file. # # $Id$ # # PAM configuration for the "sudo" service # # auth auth include system # account account include system # session # XXX: pam_lastlog (used in system) causes users to appear as though # they are no longer logged in in system logs. session required pam_permit.so # password password include system This line makes the difference. # XXX: pam_lastlog (used in system) causes users to appear as though # they are no longer logged in in system logs. This version effectively has no include system directive for that file. The system that did display the "last login" message had a pam.d/sudo file dated July of 2007. /usr/local/bin/sudo had a modification date of April 8 of 2008. I may have removed sudo and reinstalled it to try to get rid of the problem but I obviously did not also get a new /usr/local/etc/pam.d/sudo file which would probably have been the only change necessary. Here is the older file. # # $Id$ # # PAM configuration for the "sudo" service # # auth auth include system # account account include system # session session include system # password password include system Here's the big difference. session include system As soon as I commented it out, the problem went away. One needs to be xtremely careful in not restoring the old /usr/local/pam.d directory when building a new system and restoring files from the old system. I have been chasing this monster since the Summer of 2007. The new 8.0 system is presently turned off but I bet when I look at it on Monday, it has the 2007 /usr/local/etc/pam.d directory since I completely forgot about making sure it didn't get in to the new system. Martin McCormick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006270330.o5R3UT4r056839>