
Re: logging password changes

On Mon, Apr 03, 2000 at 04:50:09PM +0000, Jim Breton wrote:
> Running current potato and I have the following in /etc/pam.d/passwd:
> password required       pam_cracklib.so retry=3 minlen=6 difok=4
> password required       pam_unix.so use_authtok md5
> This works well for logging password-changing failures and related
> messages.  However when a password change is *successful,* nothing is
> sent to syslog.
> How can I set that up?  I've been using
> http://www.us.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html as
> a reference for the module arguments but it appears to be a bit stale.
> I tried adding the following line to the end of the stack:
> session        required        pam_unix.so
> which did log password changes but it wrote too much crap to the logs
> because it sent a log entry as soon as I ran "passwd" as well as another
> one when passwd exited:
> Apr  3 12:39:06 atw PAM-warn[6608]: service: passwd [on terminal:
> <unknown>]
> Apr  3 12:39:06 atw PAM-warn[6608]: user: (uid=0) -> test [remote:
> ?nobody@?nowhere]
> Apr  3 12:39:16 atw PAM-warn[6608]: service: passwd [on terminal:
> <unknown>]
> Apr  3 12:39:16 atw PAM-warn[6608]: user: (uid=0) -> test [remote:
> ?nobody@?nowhere]
> leaving me with 4 mostly-useless lines in the logs.
> slink used to log successful password changes, I just am not totally
> familiar with PAM yet (getting there though).

Install libpam-doc, which is more up-to-date and probably more complete
than the above address. Adding session to the passwd pam.d file doesn't
seem like the right solution. The PAM library itself should log when the
authentication tokens are updated or changed.

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
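
For anyone left with the `session` workaround from the quoted message, the start and exit entries can be folded into one record per `passwd` run on the log-review side. This is an added example, not part of the thread or of PAM itself; the function names are hypothetical and the sample is the four quoted PAM-warn lines with the mail line-wrap undone. A record shows that `passwd` was run against an account, not that the change succeeded.

```python
import re

# The four PAM-warn lines quoted in the message, mail line-wrap undone.
SAMPLE = """\
Apr  3 12:39:06 atw PAM-warn[6608]: service: passwd [on terminal: <unknown>]
Apr  3 12:39:06 atw PAM-warn[6608]: user: (uid=0) -> test [remote: ?nobody@?nowhere]
Apr  3 12:39:16 atw PAM-warn[6608]: service: passwd [on terminal: <unknown>]
Apr  3 12:39:16 atw PAM-warn[6608]: user: (uid=0) -> test [remote: ?nobody@?nowhere]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+PAM-warn\[(?P<pid>\d+)\]:\s+"
    r"(?P<key>service|user):\s+(?P<rest>.*)$")
USER = re.compile(r"\(uid=(?P<uid>\d+)\)\s+->\s+(?P<target>\S+)")


def collapse(log_text):
    """Fold PAM-warn lines into one record per (host, pid)."""
    # Assumption: a PID is not reused within the window being reviewed;
    # on a long log, split the input by time before calling this.
    runs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a PAM-warn line
        run = runs.setdefault((m["host"], m["pid"]), {
            "host": m["host"], "pid": int(m["pid"]), "first": m["ts"],
            "last": m["ts"], "lines": 0, "service": "?", "by_uid": None, "target": "?"})
        run["last"] = m["ts"]
        run["lines"] += 1
        if m["key"] == "service":
            run["service"] = m["rest"].split()[0]
        else:
            u = USER.search(m["rest"])
            if u:
                run["by_uid"], run["target"] = int(u["uid"]), u["target"]
    return list(runs.values())


def summarize(run):
    """One line per passwd run: time span, host, service, invoking uid, target."""
    return ("{first}..{last} {host} {service}[{pid}]: "
            "uid={by_uid} -> {target} ({lines} lines)").format(**run)


if __name__ == "__main__":
    for r in collapse(SAMPLE):
        print(summarize(r))
```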
