[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should pam_unix log non-interactive sessions? [cas@taz.net.au: Bug#612382: pam, non-interactive-sessions, and pam_unix spamming the auth log]

]] Steve Langasek 

| Hi folks,
| I have a bug report objecting to pam_unix logging all PAM sessions,
| interactive and non-interactive alike, to syslog.  Should pam_unix be
| dropped from /etc/pam.d/common-session-noninteractive?  It's only after
| pam-auth-update started being used and common-session-noninteractive is
| split out that anyone mentioned this might be a problem; before that I
| assumed that having pam_unix log the session was the right thing to do.
| Any other arguments for/against this logging?

I've found it useful to have the logging there, and it's easy enough to
turn off if you don't want it there.  (I'd love it if there was a way
for admins to have a local per-pam-module override file of the bits in
/usr/share/pam-configs, say you had /etc/pam-auth/override/libpam-mount
it would override /usr/share/pam-configs/libpam-mount.)

Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to: