pam_timestamp_check man page
pam_timestamp_check — Check to see if the default timestamp is valid
pam_timestamp_check [-k] [-d] [target_user]
With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it.
Instead of checking the validity of a timestamp, remove it. This is analogous to sudo's -k option.
Instead of returning validity using an exit status, loop indefinitely, polling regularly and printing the status on standard output.
By default pam_timestamp_check checks or removes timestamps generated by pam_timestamp when the user authenticates as herself. When the user authenticates as a different user, the name of the timestamp file changes to accommodate this. target_user allows to specify this user name.
The timestamp is valid.
The binary is not setuid root.
User is unknown.
Invalid controlling tty.
Timestamp is not valid.
Users can get confused when they are not always asked for passwords when running a given program. Some users reflexively begin typing information before noticing that it is not being asked for.
auth sufficient pam_timestamp.so verbose auth required pam_unix.so session required pam_unix.so session optional pam_timestamp.so
timestamp files and directories
pam_timestamp_check(8), pam.conf(5), pam.d(5), pam(8)
pam_tally was written by Nalin Dahyabhai.