pam_fm_notify

Many Solaris are aware of the the Fault Management Architecture in Solaris. However, it’s not really a habit i’ve seen frequently to have a regular peek into the output of fmlist to look after the faults detects by Solaris. In Solaris a new PAM module has been integrated, that gives you a message, that looking into the information of the FMA may be not the dumbest idea.

It’s already in the default pam configuration:

jmoekamp@testbed:~$ grep -i "session" /etc/pam.d/other
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
session definitive      pam_user_policy.so.1
session required        pam_unix_session.so.1
session optional        pam_fm_notify.so.1

However by default, the module does nothing. You won’t get the message to look after the FMA

joergmoellenkamp@Mac ~ % ssh jmoekamp@192.168.39.122
(jmoekamp@192.168.39.122) Password: 
Last login: Thu Apr  3 05:09:23 2025 from 192.168.39.121
Oracle Solaris 11.4.79.189.2                     Assembled March 2025
jmoekamp@testbed:~$ 

The reason for not being the default is simple: Perhaps not all users allowed to log into the system should see this kind of information. In order to get this kind of information at login, you need an additional authorization. The necessary authorization is called solaris.fm.read. You can it this authorization to a user via usermod:

root@testbed:~# usermod -A +solaris.fm.read jmoekamp

Next time you login as jmoekamp you will see a small, but useful addition to the output:

joergmoellenkamp@Mac ~ % ssh jmoekamp@192.168.39.122
(jmoekamp@192.168.39.122) Password: 
Last login: Thu Apr  3 05:11:43 2025 from 192.168.39.121
NOTE: system has 2 active diagnoses; run 'fmadm list' for details.
Oracle Solaris 11.4.79.189.2                     Assembled March 2025