pam_issue

This is a PAM module, not a direct shell command. Its synopsis describes how it's configured in PAM service files (e.g., /etc/pam.d/login):

session optional pam_issue.so [options]

issue=FILE
    Specifies an alternative path to the local issue file instead of the default /etc/issue.

issue.net=FILE
    Specifies an alternative path to the remote issue file instead of the default /etc/issue.net.

nofail
    If specified, the module will not cause the authentication process to fail if the issue file cannot be opened or read (e.g., due to missing file or permissions).

filter_cr
    Replaces carriage return characters (\r) in the issue file with newline characters (\n), which can be useful for certain terminal types.

nonewline
    Suppresses the trailing newline character that is normally added after the content of the issue file is displayed.

nonet
    Prevents the display of the /etc/issue.net file, even if it exists and is relevant for the login type (e.g., remote SSH).

nodetach
    Prevents the module from forking a child process to display /etc/issue.net. This option can be relevant for services like sshd to prevent issues with pseudo-terminal allocation.

remap_net
    Applies escape sequence remapping (e.g., converting \m to machine architecture) to the content of /etc/issue.net. By default, remapping only applies to /etc/issue.

pam_issue is a Pluggable Authentication Module (PAM) designed to display the contents of the system's issue files, typically /etc/issue and /etc/issue.net, to users during the authentication process. It operates as a session module within the PAM stack. Its primary use case is to provide important system information, legal disclaimers, or welcome messages before the user is prompted for credentials or after a successful login but before the shell starts.

The module can interpret and replace specific escape sequences within the issue files (e.g., \m for machine architecture, \s for operating system name) with dynamic system information, making the displayed content more informative. It is commonly configured in PAM service files such as /etc/pam.d/login or /etc/pam.d/sshd to ensure that the message is presented consistently across different login methods.

pam_issue is a PAM module and is not executed directly from the command line. Its behavior is entirely dependent on its configuration within PAM service files.

Care should be taken not to include sensitive information in /etc/issue or /etc/issue.net as these files are displayed before user authentication.

The interpretation of escape sequences may vary slightly depending on the system's underlying libraries or specific PAM version.

pam_issue functions as a session type PAM module. Session modules are invoked after the authentication and account management phases and are responsible for setting up or tearing down the user's environment. For pam_issue, this means displaying the issue file content during the session establishment.

The following escape sequences, if present in /etc/issue or /etc/issue.net, are commonly interpreted and replaced by pam_issue with dynamic system information:

• \d: Current date
• \D: NIS domain name
• \h: Hostname
• \l: TTY line
• \m: Machine architecture (e.g., i686, x86_64)
• \n: Nodename (usually hostname)
• \o: Domain name (DNS)
• \O: Domain name (NIS)
• \r: Kernel release version
• \s: Operating system name
• \t: Current time (24-hour format)
• \T: Current time (12-hour format with AM/PM)
• \u: Number of currently logged-in users
• \U: Number of unique currently logged-in users
• \v: Kernel version

pam_issue has been a standard component of the Linux-PAM (Pluggable Authentication Modules for Linux) suite since its early development in the mid-1990s. Its functionality stems from the traditional Unix practice of displaying system information or warnings from /etc/issue and /etc/issue.net at login. As PAM became the standard authentication framework on Linux, pam_issue was created to integrate this long-standing feature into the modular and flexible PAM system, ensuring consistency and configurability for pre-login messages across various services.

issue(5), issue.net(5), pam(8), pam.conf(5), pam.d(5), login(1), sshd(8), motd(5)