[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should pam_unix log non-interactive sessions? [cas@taz.net.au: Bug#612382: pam, non-interactive-sessions, and pam_unix spamming the auth log]

Am 13.02.2011 23:45, schrieb Steve Langasek:
> Hi folks,
> I have a bug report objecting to pam_unix logging all PAM sessions,
> interactive and non-interactive alike, to syslog.  Should pam_unix be
> dropped from /etc/pam.d/common-session-noninteractive?  It's only after
> pam-auth-update started being used and common-session-noninteractive is
> split out that anyone mentioned this might be a problem; before that I
> assumed that having pam_unix log the session was the right thing to do.
> Any other arguments for/against this logging?
> On my systems, this affects atd, cron, and samba; conceptually it should
> also apply to services like imap, pop and ppp, but in practice these
> services haven't switched over to common-session-noninteractive at all yet.
> Any change to the pam_unix profile now would impact those services later, so
> if people expect syslogging of those sessions via pam_unix, we should
> determine that now.

*We* need those logging on our machines per default and I don't think,
that we are the only one. Non-interactive sessions should still be logged.
Personaly I would wish, that I can see in auth.log, if it is
{non-}interactive or not, but that is not the topic of this thread.

Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatthaei@debian.org

Always if we think we are right,
we were maybe wrong.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: