PAM_TIMESTAMP_CHECK(8) Linux-PAM Manual PAM_TIMESTAMP_CHECK(8)
pam_timestamp_check – Check to see if the default timestamp is valid
pam_timestamp_check [-k] [-d] [target_user]
With no arguments pam_timestamp_check will check to see if the default
timestamp is valid, or optionally remove it.
Instead of checking the validity of a timestamp, remove it. This is
analogous to sudo’s -k option.
Instead of returning validity using an exit status, loop
indefinitely, polling regularly and printing the status on standard
By default pam_timestamp_check checks or removes timestamps
generated by pam_timestamp when the user authenticates as herself.
When the user authenticates as a different user, the name of the
timestamp file changes to accommodate this. target_user allows to
specify this user name.
The timestamp is valid.
The binary is not setuid root.
User is unknown.
Invalid controlling tty.
Timestamp is not valid.
Users can get confused when they are not always asked for passwords
when running a given program. Some users reflexively begin typing
information before noticing that it is not being asked for.
auth sufficient pam_timestamp.so verbose
auth required pam_unix.so
session required pam_unix.so
session optional pam_timestamp.so
timestamp files and directories
pam_timestamp_check(8), pam.conf(5), pam.d(5), pam(8)
pam_tally was written by Nalin Dahyabhai.
Linux-PAM Manual 09/19/2013 PAM_TIMESTAMP_CHECK(8)