bin/117773: 'w -n' still dispalys names for IPv6 connections
Bob Van Zant
bob at veznat.com
Mon Nov 12 11:10:02 PST 2007
The following reply was made to PR bin/117773; it has been noted by GNATS.
From: Bob Van Zant <bob at veznat.com>
To: bug-followup at FreeBSD.org,
petefrench at ticketswitch.com
Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections
Date: Tue, 13 Nov 2007 00:18:03 +0530
I did manage to repro this and have found that what's in /var/run/utmp
contains the hostname of the connected host, not the IP (or IPv6)
I think pam_lastlog is what keeps utmp current and this comes from
pam_lastlog.c::pam_sm_open_session(). The IP address that should be
written comes in via pam_handle_t.
It appears that pam_lastlog.c simply dumps whatever comes in for
PAM_RHOST. Digging down into openpam we see that PAM_RHOST is "The
name of the applicant's host."
Falling back up into OpenSSH's auth-pam.c we see that it sets
PAM_RHOST to the remote name or IP (get_remote_name_or_ip()). So this
sets up pam_lastlog to log the hostname if it knows it and only if it
can't find the reverse name it logs the IP.
The gist of this is, quite simply, that what's in /var/run/utmp is
correct. It is supposed to be the hostname, if known and otherwise the
w(1) -n does exactly what it's supposed to: it does "not attempt to
resolve network addresses." So rest assured that no reverse DNS
queries are being done even though hostnames are showing up.
All of that said I believe this bug can be closed without doing any
More information about the freebsd-bugs