
Re: Seeking comments on PAM logging change



On Sun, 14 Mar 2004 05:09, Sam Hartman <hartmans@debian.org> wrote:
> Bug #213566 is another complaint about how PAM handles logging.
> Currently PAM_unix calls openlog in the pam library in an attempt to
> make sure that PAM authentication messages are logged claiming to be
> from the PAM service name (pam_unix) instead of from the application
> or in cases of applications that do not call openlog, from unnamed
> syslog lines.

Why not do system("logger ...")?

Running the logger program will allow you to set the tag and facility without 
interfering with anything else, and it will also support being called from an 
application that has never called openlog() (there is no requirement that an 
application call openlog() before using PAM AFAIK).

This seems like a neat solution which is easy to code and does not have 
side effects.

NB  It's expected that PAM modules can call external programs such as 
unix_chkpwd.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
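
The approach suggested in this message, sketched as an added example (not code from the thread or from PAM): it runs logger with an argument vector through posix_spawn() instead of a system() command string, so log text containing shell metacharacters stays a single argument and the caller's openlog() state is left alone. The path /usr/bin/logger and the names build_logger_argv and log_via_logger are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <spawn.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed install path; an absolute path avoids a PATH lookup. */
#define LOGGER_PATH "/usr/bin/logger"

/* Build argv for: logger -t TAG -p PRIORITY -- MESSAGE
   The message is one argv element, so no shell ever parses it.
   Returns 0 on success, -1 if an argument is missing. */
int build_logger_argv(const char *tag, const char *prio, const char *msg,
                      char *argv[8])
{
    if (!tag || !prio || !msg)
        return -1;
    argv[0] = "logger";
    argv[1] = "-t"; argv[2] = (char *)tag;
    argv[3] = "-p"; argv[4] = (char *)prio;
    argv[5] = "--";              /* the message may begin with '-' */
    argv[6] = (char *)msg;
    argv[7] = NULL;
    return 0;
}

/* Run the logger binary at `path`; return its exit status, or -1 if it
   could not be started or did not exit normally. The calling process's
   own syslog tag and facility are never modified. */
int log_via_logger(const char *path, const char *tag, const char *prio,
                   const char *msg)
{
    char *argv[8];
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };  /* minimal environment */
    struct sigaction dfl = { 0 }, saved;
    pid_t pid;
    int status = 0, rc = -1;
    if (build_logger_argv(tag, prio, msg, argv) != 0)
        return -1;
    /* If the application ignores SIGCHLD, waitpid() would fail (ECHILD). */
    dfl.sa_handler = SIG_DFL;
    sigaction(SIGCHLD, &dfl, &saved);
    if (posix_spawn(&pid, path, NULL, NULL, argv, envp) == 0 &&
        waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    sigaction(SIGCHLD, &saved, NULL);   /* restore the caller's handler */
    return rc;
}
```

A module would call it as `log_via_logger(LOGGER_PATH, "pam_unix", "auth.notice", text)`; the SIGCHLD change is process-wide for the duration of the call.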


