From owner-freebsd-questions@FreeBSD.ORG Sun Jun 27 03:30:57 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7EEB9106566C for ; Sun, 27 Jun 2010 03:30:57 +0000 (UTC) (envelope-from martin@dc.cis.okstate.edu) Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.103.93]) by mx1.freebsd.org (Postfix) with ESMTP id 5144B8FC0A for ; Sun, 27 Jun 2010 03:30:57 +0000 (UTC) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.14.2/8.13.8) with ESMTP id o5R3UT4r056839 for ; Sat, 26 Jun 2010 22:30:37 -0500 (CDT) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <201006270330.o5R3UT4r056839@dc.cis.okstate.edu> to: freebsd-questions@freebsd.org Date: Sat, 26 Jun 2010 22:30:29 -0500 From: Martin McCormick Subject: Running an Old Kernel Solved. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 03:30:57 -0000 There is a /etc/pam.d and a /usr/local/etc/pam.d. /etc/pam.d has no sudo file in it but /usr/local/etc/pam.d does. I had never edited that file before but it seems to change slightly in 2007. The sudo file on the system that did not display the "last login" message has a modification date of December 20, 2007 and sudo, itself also has that date. Here is that file. # # $Id$ # # PAM configuration for the "sudo" service # # auth auth include system # account account include system # session # XXX: pam_lastlog (used in system) causes users to appear as though # they are no longer logged in in system logs. session required pam_permit.so # password password include system This line makes the difference. # XXX: pam_lastlog (used in system) causes users to appear as though # they are no longer logged in in system logs. This version effectively has no include system directive for that file. The system that did display the "last login" message had a pam.d/sudo file dated July of 2007. /usr/local/bin/sudo had a modification date of April 8 of 2008. I may have removed sudo and reinstalled it to try to get rid of the problem but I obviously did not also get a new /usr/local/etc/pam.d/sudo file which would probably have been the only change necessary. Here is the older file. # # $Id$ # # PAM configuration for the "sudo" service # # auth auth include system # account account include system # session session include system # password password include system Here's the big difference. session include system As soon as I commented it out, the problem went away. One needs to be xtremely careful in not restoring the old /usr/local/pam.d directory when building a new system and restoring files from the old system. I have been chasing this monster since the Summer of 2007. The new 8.0 system is presently turned off but I bet when I look at it on Monday, it has the 2007 /usr/local/etc/pam.d directory since I completely forgot about making sure it didn't get in to the new system. Martin McCormick