
Re: su/PAM_pwdb logging glitch?



On Fri, 20 Mar 1998, Chris Siebenmann wrote:

> [Environment: stock RedHat 5.0 install, stock /etc/pam.d setup]
> 
>  PAM_pwdb (as used in su) seems to have some problems logging full
> information about successful su's if the session su'ing is not in
> utmp (as it might be inside screen or inside an 'xterm -ut' window).
> Normally logged is:
> 	PAM_pwdb[26064]: (su) session opened for user root by cks(uid=0)
> When the session isn't in utmp what's logged is only
> 	PAM_pwdb[26105]: (su) session opened for user root by (uid=0)
> (i.e. no user name is logged). PAM_pwdb does successfully log the right
> information if a su fails and there is no utmp entry:
> 	PAM_pwdb[26129]: 1 authentication failure; (uid=19) -> root for su service
> (all messages are taken from my /var/log/messages syslog log, shorn of
> time/host)

I have also a similar problem where a user in the wheel group using xterm
with no utmp entry cannot su at all ... I'd presume it is the same
problem ...

Dave.
>
>  Since I like to track all su's to root in our environment (we have
> multiple staff members who may do this), accurate logging of whodunit
> would be quite helpful.
> 
> --- 
> 		"there used to be two moons
> 		 then one of them
> 		 discovered coffee."		- Curtis Yarvin
> cks@hawkwind.utcs.toronto.edu	           ...!{utgpu,utzoo,watmath}!utgpu!cks
> 

------------ David Airlie, David.Airlie@ul.ie,airlied@skynet --------
Telecommunications Research Centre, ECE Dept, University of Limerick \
http://www.csn.ul.ie/~airlied   -- Computer Engineering Postgrad      \
--- TEL: +353-61-202695 -----------------------------------------------
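
An added example, not part of either post: a small parser for the three PAM_pwdb message shapes quoted above that flags successful su sessions for root where no invoking user name was logged. The syslog time/host prefix on the sample lines is constructed; the message text after it is as quoted in the thread.

```python
import re

# Constructed sample: the three message shapes quoted in the thread,
# with a syslog time/host prefix added for realism (assumed values).
SAMPLE_LOG = """\
Mar 20 10:01:02 host1 PAM_pwdb[26064]: (su) session opened for user root by cks(uid=0)
Mar 20 10:05:40 host1 PAM_pwdb[26105]: (su) session opened for user root by (uid=0)
Mar 20 10:07:13 host1 PAM_pwdb[26129]: 1 authentication failure; (uid=19) -> root for su service
"""

OPENED = re.compile(
    r"PAM_pwdb\[(?P<pid>\d+)\]: \((?P<svc>\w+)\) session opened for user "
    r"(?P<target>\S+) by (?P<invoker>[^\s(]*)\(uid=(?P<uid>\d+)\)")
FAILED = re.compile(
    r"PAM_pwdb\[(?P<pid>\d+)\]: (?P<count>\d+) authentication failures?; "
    r"(?P<invoker>[^\s(]*)\(uid=(?P<uid>\d+)\) -> (?P<target>\S+) "
    r"for (?P<svc>\w+) service")

def parse_line(line):
    """Return a dict for a PAM_pwdb su event, or None for unrelated lines."""
    for kind, rx in (("opened", OPENED), ("failed", FAILED)):
        m = rx.search(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            ev["pid"], ev["uid"] = int(ev["pid"]), int(ev["uid"])
            return ev
    return None

def unattributed_root_sessions(log_text):
    """Successful su sessions for root whose invoking user name is empty.

    In both quoted success messages the uid is 0, so once the name is
    missing nothing in the line identifies who ran su.
    """
    events = filter(None, map(parse_line, log_text.splitlines()))
    return [e for e in events
            if e["kind"] == "opened" and e["svc"] == "su"
            and e["target"] == "root" and not e["invoker"]]

if __name__ == "__main__":
    for e in unattributed_root_sessions(SAMPLE_LOG):
        print(f"su to root with no invoking user logged (pid {e['pid']})")
```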


