disable unix/utmp modules in the default config

doc/ChangeLog

@@ -11,6 +11,9 @@ FreeRADIUS 3.2.7 Sat 24 Aug 2024 12:00:00 UTC urgency=low
 	  better match behavior of radsecproxy.
 	* python2 and rlm_couchbase are no longer available in the
 	  alpine docker image.
+	* utmp files are becoming obsolete due to 32-bit time. unix/radwtmp
+	  have been commented out in the default config and "radlast" is
+	  no longer installed if "last" is not present on the system.
 
 	Feature improvements
 	* Print MD5 hash of the configuration files in debug mode.
@@ -59,7 +62,6 @@ FreeRADIUS 3.2.7 Sat 24 Aug 2024 12:00:00 UTC urgency=low
 	* Better handler single-character expansions.  Fixes #2216.
 	* Correct calculation of EAP length in pre-proxy.  Fixes #5486.
 	* Don't segfault when using detail listeners. Fixes #5485
-	* radlast is no longer installed if "last" is not present.
 	* Add check for Couchbase v2, rlm_couchbase won't build on v3.
 
 FreeRADIUS 3.2.6 Sat 24 Aug 2024 12:00:00 UTC urgency=low

raddb/mods-available/radutmp

@@ -8,6 +8,9 @@
 #  This file is used mainly for Simultaneous-Use checking,
 #  and also 'radwho', to see who's currently logged in.
 #
+#  The 'utmp' file format is becoming obsolete. You should use
+#  a database instead.
+#
 radutmp {
 	#  Where the file is stored.  It's not a log file,
 	#  so it doesn't need rotating.

raddb/mods-available/sradutmp

@@ -2,13 +2,18 @@
 #
 #  $Id$
 
-# "Safe" radutmp - does not contain caller ID, so it can be
-# world-readable, and radwho can work for normal users, without
-# exposing any information that isn't already exposed by who(1).
 #
-# This is another 'instance' of the radutmp module, but it is given
-# then name "sradutmp" to identify it later in the "accounting"
-# section.
+#  "Safe" radutmp - does not contain caller ID, so it can be
+#  world-readable, and radwho can work for normal users, without
+#  exposing any information that isn't already exposed by who(1).
+#
+#  This is another 'instance' of the radutmp module, but it is given
+#  then name "sradutmp" to identify it later in the "accounting"
+#  section.
+#
+#  'utmp' files are becoming obsolete. You should use a database
+#  instead.
+#
 radutmp sradutmp {
 	filename = ${logdir}/sradutmp
 	permissions = 0644

raddb/mods-available/unix

@@ -21,5 +21,9 @@ unix {
 	#  Note that the radwtmp file may get large!  You should
 	#  rotate it (cp /dev/null radwtmp), or just not use it.
 	#
+	#  wtmp files are gradually becoming obsolete. Some systems
+	#  may not have 'last' or 'radlast' available any more.
+	#  You shoud use a database instead.
+	#
 	radwtmp = ${logdir}/radwtmp
 }

raddb/sites-available/decoupled-accounting

@@ -91,15 +91,16 @@ accounting {
 
 	#  Update the wtmp file
 	#
-	#  If you don't use "radlast", you can delete this line.
-	unix
+	#  If you don't use "radlast" (becoming obsolete and no longer
+	#  available on all systems), you can delete this line.
+#	unix
 
 	#
 	#  For Simultaneous-Use tracking.
 	#
 	#  Due to packet losses in the network, the data here
 	#  may be incorrect.  There is little we can do about it.
-	radutmp
+#	radutmp
 #	sradutmp
 
 	#

raddb/sites-available/default

@@ -699,6 +699,7 @@ accounting {
 	#  recorded from the corresponding Access-Accept
 	#  use it only if your NAS boxes do not support CUI themselves
 #	cui
+
 	#
 	#  Create a 'detail'ed log of the packets.
 	#  Note that accounting requests which are proxied
@@ -708,8 +709,9 @@ accounting {
 
 	#  Update the wtmp file
 	#
-	#  If you don't use "radlast", you can delete this line.
-	unix
+	#  If you don't use "radlast" (becoming obsolete and no longer
+	#  available on all systems), you can delete this line.
+#	unix
 
 	#
 	#  For Simultaneous-Use tracking.

raddb/sites-available/inner-tunnel

@@ -289,7 +289,7 @@ authenticate {
 #  or rlm_sql module can handle this.
 #  The rlm_sql module is *much* faster
 session {
-	radutmp
+#	radutmp
 
 	#
 	#  See "Simultaneous Use Checking Queries" in `mods-config/sql/main/$driver/queries.conf`