PAM touching shadow?
Eric Reischer
emr at engr.de.psu.edu
Mon Jul 19 02:27:02 UTC 2004
I've been fighting with this problem for a few weeks now, and I think I've
at least narrowed it down to a package. I am using the SNARE auditing
package to monitor activity on machines attached to a local network; a
requirement by the government organization we work with. Unfortunately,
however, our workstations running xscreensaver have SNARE reporting that
the (non-root) logged-in user unsuccessfully attempts to touch the
/etc/shadow file, with timestamps that correspond to the exact times that
the user unlocks the window via xscreensaver.
I have narrowed it down to PAM (I think), as I've recompiled xscreensaver
with absolutely no passwd references; only the PAM libraries compiled in,
and the problem still presents itself. Does anyone know if PAM is making
this call at some point, and if so, what is the reason behind it? Is PAM
just doing a sanity permission check on the shadow file?
Any input (other than ignoring the error, which is unacceptable to our
sponsors) would be appreciated.
Regards,
Eric
P.S. -- System is RH 9 Stable, updates current as of 7-12-04.
*********************************************************************
Eric Reischer emr at engr.de.psu.edu
"The greater our knowledge increases,
the greater our ignorance unfolds." -- John F. Kennedy
*********************************************************************
More information about the Pam-list
mailing list