logging password changes

To: debian-user@lists.debian.org
Subject: logging password changes
From: Jim Breton <jamesb-debian@alongtheway.com>
Date: Mon, 3 Apr 2000 16:50:09 +0000
Message-id: <[🔎] 20000403165009.B4789@alongtheway.com>

Running current potato and I have the following in /etc/pam.d/passwd:

password required       pam_cracklib.so retry=3 minlen=6 difok=4
password required       pam_unix.so use_authtok md5

This works well for logging password-changing failures and related
messages.  However when a password change is *successful,* nothing is
sent to syslog.

How can I set that up?  I've been using
http://www.us.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html as
a reference for the module arguments but it appears to be a bit stale.

I tried adding the following line to the end of the stack:
session        required        pam_unix.so

which did log password changes but it wrote too much crap to the logs
because it sent a log entry as soon as I ran "passwd" as well as another
one when passwd exited:

Apr  3 12:39:06 atw PAM-warn[6608]: service: passwd [on terminal:
<unknown>]
Apr  3 12:39:06 atw PAM-warn[6608]: user: (uid=0) -> test [remote:
?nobody@?nowhere]
Apr  3 12:39:16 atw PAM-warn[6608]: service: passwd [on terminal:
<unknown>]
Apr  3 12:39:16 atw PAM-warn[6608]: user: (uid=0) -> test [remote:
?nobody@?nowhere]

leaving me with 4 mostly-useless lines in the logs.

slink used to log successful password changes, I just am not totally
familiar with PAM yet (getting there though).

Thanks.  :)

Reply to:

Follow-Ups:
- Re: logging password changes
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: I have a gravis ultrasound card
Next by Date: Re: Set user ID on execution
Previous by thread: Re: Include directories
Next by thread: Re: logging password changes
Index(es):
- Date
- Thread