On 10 November 2013 23:44, Max B <txtmb@yahoo.fr> wrote:

In shadow-4.1.5.1/src/login.c, which reads /etc/login.defs for FAILLOG_ENAB:

#ifndef USE_PAM
                motd ();        /* print the message of the day */
                if (   getdef_bool ("FAILLOG_ENAB")
(...)


Does anyone know why this segment of code is unused when USE_PAM is defined?

I guess this is because there are modules (pam_motd and pam_faildelay - part of libpam-modules) which do this already when PAM is enabled and they are configured as part of the login process.

Administrators can enable/disable them as required. If the code was enabled regardless of PAM, a) you get the same checks 2 times and b) administrators cannot disable them if required.

Regards

Javier
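
An added example, not part of the original thread and not code from shadow or Linux-PAM: a small Python check that reports whether the two modules named in the reply are active in a PAM login stack, which is where the administrator's enable/disable decision lives on a PAM build. The sample stack is constructed, and `@include` lines are not followed.

```python
import re

# Modules named in the reply above; how they map onto login.c is the reply's guess.
MODULES = ("pam_motd.so", "pam_faildelay.so")

# Constructed sample in /etc/pam.d/login syntax: type control module [args]
SAMPLE_STACK = """\
# constructed example, not taken from a real system
auth       optional   pam_faildelay.so  delay=3000000
auth       [success=1 default=ignore]  pam_unix.so nullok
#session   optional   pam_motd.so
-session   optional   pam_systemd.so
session    optional   pam_motd.so \\
           motd=/etc/motd
"""

RULE_RE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"   # leading '-' is allowed
    r"(?P<control>\[[^\]]*\]|\S+)\s+"                  # keyword or [value=action ...]
    r"(?P<module>\S+)\s*(?P<args>.*)$"
)

def parse_stack(text):
    """Return (type, control, module, args) for every active rule."""
    joined = text.replace("\\\n", " ")        # backslash-newline continues a rule
    rules = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' comments out the rest of the line
        m = RULE_RE.match(line)
        if m:                                 # @include and blank lines fall through
            module = m.group("module").rsplit("/", 1)[-1]   # drop any directory part
            rules.append((m.group("type"), m.group("control"),
                          module, m.group("args").split()))
    return rules

def module_status(text, modules=MODULES):
    """Map each module name to the active rules that load it (empty list = disabled)."""
    rules = parse_stack(text)
    return {name: [r for r in rules if r[2] == name] for name in modules}

if __name__ == "__main__":
    for name, hits in module_status(SAMPLE_STACK).items():
        print(name, "enabled" if hits else "not configured", hits)
```
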