[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

su/PAM_pwdb logging glitch?



[Environment: stock RedHat 5.0 install, stock /etc/pam.d setup]

 PAM_pwdb (as used in su) seems to have some problems logging full
information about successful su's if the session su'ing is not in
utmp (as it might be inside screen or inside an 'xterm -ut' window).
Normally logged is:
	PAM_pwdb[26064]: (su) session opened for user root by cks(uid=0)
When the session isn't in utmp what's logged is only
	PAM_pwdb[26105]: (su) session opened for user root by (uid=0)
(ie no user name is logged). PAM_pwdb does successfully log the right
information if a su fails and there is no a utmp entry:
	PAM_pwdb[26129]: 1 authentication failure; (uid=19) -> root for su service
(all messages are taken from my /var/log/messages syslog log, shorn of
time/host)

 Since I like to track all su's to root in our environment (we have
multiple staff members who may do this), accurate logging of whodunit
would be quite helpful.

--- 
		"there used to be two moons
		 then one of them
		 discovered coffee."		- Curtis Yarvin
cks@hawkwind.utcs.toronto.edu	           ...!{utgpu,utzoo,watmath}!utgpu!cks



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []