pam_lastlog —
login accounting PAM module
[service-name] module-type
  control-flag pam_lastlog
  [options]
The login accounting service module for PAM provides functionality for only one
  PAM category: session management. In terms of the
  module-type parameter, this is the
  “session” feature.
The login accounting session management component provides functions to initiate
  (pam_sm_open_session()) and terminate
  (pam_sm_close_session()) sessions. The
  pam_sm_open_session() function records the session in
  the utmp(5),
  utmpx(5),
  wtmp(5),
  wtmpx(5),
  lastlog(5), and
  lastlogx(5) databases. The
  pam_sm_close_session() function does nothing.
The following options may be passed to the authentication
  module:
  - debug
- syslog(3) debugging
      information at LOG_DEBUGlevel.
- no_nested
- Don't update records or print messages if the user is
      “nested”, i.e. logged in on the same tty on top of another
      user.
- no_warn
- suppress warning messages to the user.
- no_fail
- Ignore I/O failures.
last(1),
  w(1),
  login(3),
  loginx(3),
  logout(3),
  logoutx(3),
  pam.conf(5),
  utmp(5),
  utmpx(5),
  lastlogin(8),
  pam(8)
Thepam_lastlog module and this manual page were
  developed for the FreeBSD Project by ThinkSec AS and
  NAI Labs, the Security Research Division of Network Associates, Inc. under
  DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the
  DARPA CHATS research program.