[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

pam_unix logs unknown usernames to syslog

Running current potato.  I have the following lines in /etc/login.defs:

# Enable display of unknown usernames when login failures are recorded.

I understand that the point of this is to prevent logs from containing
passwords should users accidentally type them (instead of the username) at
the login prompt.

However, the pam_unix.so module doesn't seem to be handling this
properly.  Here is an example of a telnet attempt to my machine using a
known bad username:

Apr  5 01:49:43 tarkin PAM_unix[5145]: check pass; user unknown
Apr  5 01:49:43 tarkin PAM_unix[5145]: authentication failure; (uid=0)
-> asddf for login service
Apr  5 01:49:45 tarkin login[5145]: FAILED LOGIN (1) on `ttyq0' from
`vader' FOR `UNKNOWN', Authentication service cannot
retrieve authentication info.

Apparently login handles this correctly but pam_unix.so does not?  Or is
there an option to turn this off?  (I didn't see any args that would do
this in the docs.)

Here is my line in /etc/pam.d/login:

auth       required   pam_unix.so

Reply to: