Action if login happened
Dan Yefimov
dan at nf15.lightwave.net.ru
Thu Jan 15 20:10:07 UTC 2009
On 15.01.2009 22:38, Sascha Ochsenknecht wrote:
> Hi,
>
> I would like to execute a command whenever somebody tries to login on a
> machine. The command should have following information (via env or
> something else):
>
> a) username
> b) login successful / login failed
> c) if failed -> why? (password wrong or non-existing username)
>
Generally speaking, that information is written into syslog by majority of
modules designed for authentication in the case of login failure.
> I played a bit with pam_exec, but I'm not sure how to pass the
> information to the command specified with the pam_exec module. I know
> that I can get the username from the env PAM_USER. But the other
> information?
>
Login success/failure status becomes known only after auth stack is through with
it's job and only to the calling application. In addition, login failure may be
caused with account stack. So there is no way to accomplish what you want.
--
Sincerely Your, Dan.
More information about the Pam-list
mailing list