pam_fm_notify

While many Solaris admins are aware of the Fault Management Architecture inside of Solaris, it’s often not a natural habit to them to look at the output of fmlist just for a quick look what the FMA has seen. In Solaris 11.4 is now a PAM module that gives you an hint, that looking at the FMA may be a good idea. It’s implemented via an PAM module.

>root@ldap:/etc/pam.d# grep -i "session" other
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
session definitive      pam_user_policy.so.1
session required        pam_unix_session.so.1
session optional        pam_fm_notify.so.1

As the information about the number of errors is probably an information that you don’t want to share too broadly, the output of this module is dependent on the condition, that the user has the solaris.fm.read authorization. To add this authorization to an user, you can use the usermod command:

>root@ldap:/etc/pam.d# usermod -A +solaris.fm.read jmoekamp

Next time you login as jmoekamp you will see a useful addition to the output:

>root@ldap:/etc/pam.d# ssh jmoekamp@localhost
Password:
Last login: Fri Apr 27 17:04:12 2018 from ::1
<b>NOTE: system has 1 active defect; run 'fmadm list' for details.</b>
Oracle Corporation      SunOS 5.11      Solaris_11/11.4[...]     March 2018