Re: Seeking comments on PAM logging change
On Sun, 14 Mar 2004 05:09, Sam Hartman <hartmans@debian.org> wrote:
> Bug #213566 is another complaint about how PAM handles logging.
> Currently PAM_unix calls openlog in the pam library in an attempt to
> make sure that PAM authentication messages are logged claiming to be
> from the PAM service name (pam_unix) instead of from the application
> or in cases of applications that do not call openlog, from unnamed
> syslog lines.
Why not do system("logger ...")?
Running the logger program will allow you to set the tag and facility without
interfering with anything else, and it will also support being called from an
application that has never called openlog() (there is no requirement that an
application call openlog() before using PAM AFAIK).
This seems like a neat solution which is easy to code and does not have
side effects.
NB It's expected that PAM modules can call external programs such as
unix_chkpwd.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page