bin/117773: 'w -n' still dispalys names for IPv6 connections

Bob Van Zant bob at
Mon Nov 12 11:10:02 PST 2007

The following reply was made to PR bin/117773; it has been noted by GNATS.

From: Bob Van Zant <bob at>
To: bug-followup at,
 petefrench at
Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections
Date: Tue, 13 Nov 2007 00:18:03 +0530

 I did manage to repro this and have found that what's in /var/run/utmp  
 contains the hostname of the connected host, not the IP (or IPv6)  
 I think pam_lastlog is what keeps utmp current and this comes from  
 pam_lastlog.c::pam_sm_open_session(). The IP address that should be  
 written comes in via pam_handle_t.
 It appears that pam_lastlog.c simply dumps whatever comes in for  
 PAM_RHOST. Digging down into openpam we see that PAM_RHOST is "The  
 name of the applicant's host."
 Falling back up into OpenSSH's auth-pam.c we see that it sets  
 PAM_RHOST to the remote name or IP (get_remote_name_or_ip()). So this  
 sets up pam_lastlog to log the hostname if it knows it and only if it  
 can't find the reverse name it logs the IP.
 The gist of this is, quite simply, that what's in /var/run/utmp is  
 correct. It is supposed to be the hostname, if known and otherwise the  
 IP address.
 w(1) -n does exactly what it's supposed to: it does "not attempt to  
 resolve network addresses." So rest assured that no reverse DNS  
 queries are being done even though hostnames are showing up.
 All of that said I believe this bug can be closed without doing any  

More information about the freebsd-bugs mailing list