pam_unix logs unknown usernames to syslog
Running current potato. I have the following lines in /etc/login.defs:
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB no
I understand that the point of this is to prevent logs from containing
passwords should users accidentally type them (instead of the username) at
the login prompt.
However, the pam_unix.so module doesn't seem to be handling this
properly. Here is an example of a telnet attempt to my machine using a
known bad username:
Apr 5 01:49:43 tarkin PAM_unix[5145]: check pass; user unknown
Apr 5 01:49:43 tarkin PAM_unix[5145]: authentication failure; (uid=0) -> asddf for login service
Apr 5 01:49:45 tarkin login[5145]: FAILED LOGIN (1) on `ttyq0' from `vader' FOR `UNKNOWN', Authentication service cannot retrieve authentication info.
Apparently login handles this correctly but pam_unix.so does not? Or is
there an option to turn this off? (I didn't see any args that would do
this in the docs.)
Here is my line in /etc/pam.d/login:
auth required pam_unix.so
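Added example, not part of the original post and not code from PAM or login: a log scrubber that redacts the name pam_unix logged for an unknown user, so a password typed at the username prompt does not stay in stored syslog. It assumes the two-line PAM_unix format shown in the post, with both lines sharing a PID; the function name `scrub`, the `[REDACTED]` marker and the `alice` line are constructed for illustration.

```python
import re

# Constructed sample: the first three lines follow the post's log excerpt,
# the last line (a failure for a known user) is made up for contrast.
SAMPLE = """\
Apr 5 01:49:43 tarkin PAM_unix[5145]: check pass; user unknown
Apr 5 01:49:43 tarkin PAM_unix[5145]: authentication failure; (uid=0) -> asddf for login service
Apr 5 01:49:45 tarkin login[5145]: FAILED LOGIN (1) on `ttyq0' from `vader' FOR `UNKNOWN', Authentication service cannot retrieve authentication info.
Apr 5 01:52:10 tarkin PAM_unix[5201]: authentication failure; (uid=0) -> alice for login service
"""

TAG = re.compile(r"PAM_unix\[(\d+)\]: (.*)$")
# Greedy (.*) so a typed string containing spaces is captured whole.
FAIL = re.compile(r"authentication failure; \(uid=\d+\) -> (.*) for \S+ service\s*$")


def scrub(lines):
    """Return (scrubbed_lines, hits); hits are (line_number, pid) pairs.

    Only a failure that follows "user unknown" from the same PID is redacted,
    so failures for real accounts keep their username for auditing.
    The redacted string itself is never returned or printed.
    """
    unknown_pids = set()
    out, hits = [], []
    for lineno, line in enumerate(lines, 1):
        m = TAG.search(line)
        if m:
            pid, msg = m.groups()
            if msg.startswith("check pass; user unknown"):
                unknown_pids.add(pid)
            elif pid in unknown_pids:
                f = FAIL.search(line)
                if f:
                    line = line[:f.start(1)] + "[REDACTED]" + line[f.end(1):]
                    hits.append((lineno, pid))
                    unknown_pids.discard(pid)  # next attempt logs its own marker
        out.append(line)
    return out, hits


if __name__ == "__main__":
    scrubbed, found = scrub(SAMPLE.splitlines())
    print("\n".join(scrubbed))
    print("redacted entries (line, pid):", found)
```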