retrieving failed usernames from a module? possible?

Dan Hollis goemon at sasami.anime.net
Wed Sep 28 20:30:46 UTC 2005


Is it possible for a module to retrieve the attempted username in a failed 
login if the user does not exist on the machine?

The module pam_abl[1] can only show NOUSER[2] when a login failure occurs 
with an invalid username.

Sep 25 19:18:36 sasami pam_abl[5562]: Blocking access from chenling.net to service sshd, user root
Sep 25 19:18:40 sasami pam_abl[2502]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:43 sasami pam_abl[6949]: Blocking access from chenling.net to service sshd, user mysql
Sep 25 19:18:47 sasami pam_abl[30397]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:50 sasami pam_abl[30622]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:54 sasami pam_abl[3720]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:58 sasami pam_abl[14504]: Blocking access from chenling.net to service sshd, user root
Sep 25 19:19:01 sasami pam_abl[10341]: Blocking access from chenling.net to service sshd, user root

I'd like to know what actual username was attempted, instead of "NOUSER".

Is it possible or would this need to be a modification to PAM?

-Dan

[1] http://www.hexten.net/pam_abl/
[2] http://www.hexten.net/bugzilla/show_bug.cgi?id=13
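
An added example, not part of the original post: a small parser for the pam_abl "Blocking access" lines quoted above, which reports per remote host how many blocked attempts carry only the NOUSER placeholder and which real usernames were logged. The sample log is constructed (its host names and addresses are made up) and the function name summarize is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the pam_abl syslog format quoted in the post
# (host names, PIDs and users here are made up for the example).
SAMPLE_LOG = """\
Sep 25 19:18:36 host1 pam_abl[5562]: Blocking access from scanner.example to service sshd, user root
Sep 25 19:18:40 host1 pam_abl[2502]: Blocking access from scanner.example to service sshd, user NOUSER
Sep 25 19:18:43 host1 pam_abl[6949]: Blocking access from scanner.example to service sshd, user mysql
Sep 25 19:18:47 host1 pam_abl[30397]: Blocking access from scanner.example to service sshd, user NOUSER
Sep 25 19:19:02 host1 sshd[411]: Connection closed by 192.0.2.7
Sep 25 19:19:05 host1 pam_abl[777]: Blocking access from other.example to service sshd, user NOUSER
"""

# Matches only pam_abl block messages; other syslog lines are ignored.
BLOCK_RE = re.compile(
    r"pam_abl\[\d+\]: Blocking access from (?P<rhost>\S+) "
    r"to service (?P<service>\S+), user (?P<user>\S+)$"
)


def summarize(log_text, placeholder="NOUSER"):
    """Per remote host: total blocks, blocks logged with only the
    placeholder, and the set of real usernames that were logged."""
    stats = defaultdict(lambda: {"blocked": 0, "unknown": 0, "users": set()})
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if not m:
            continue  # not a pam_abl block message
        entry = stats[m["rhost"]]
        entry["blocked"] += 1
        if m["user"] == placeholder:
            entry["unknown"] += 1  # attempted name was not recorded
        else:
            entry["users"].add(m["user"])
    return dict(stats)


if __name__ == "__main__":
    for rhost, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{rhost}: {s['blocked']} blocked, "
              f"{s['unknown']} logged as NOUSER, "
              f"named users: {sorted(s['users'])}")
```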



