Re: pam_wheel.so not logging

From: Skip Carter (skip@taygeta.com)
Date: 12/04/01


To: Thiago Conde Figueiro <thiago@ciphertech.com.br>
Date: Tue, 04 Dec 2001 10:18:29 -0800
From: Skip Carter <skip@taygeta.com>


>
> Today I came across this issue on one of our RedHat 7.2 servers and I don't really know if this is the expected behavior. I enabled pam_wheel.so on /etc/pam.d/su as follows:
>
> auth required /lib/security/pam_wheel.so use_uid
>
> so that any user trying to su must be in the wheel group. If the user supplies the wrong password for root an entry is generated on syslog:
>
> Dec 4 11:39:22 localhost su(pam_unix)[3339]: authentication failure; logname=user uid=502 euid=0 tty= ruser= rhost= user=root
>
> If the user knows the password for root but is not on the wheel group, he's denied authentication, as expected. However, no entry on the log is generated. It would be nice to know if a user who knows the password for root was denied authentication because he/she is not in the wheel group.
>
> Any thoughts?

This is what is expected (at least it's the way the module is coded). The auth failure notice was generated by the pam_unix module, NOT pam_wheel. If you add the arg 'debug',

 auth required /lib/security/pam_wheel.so use_uid debug

you will get the additional logging that you want (along with some extra stuff that really IS only useful when debugging); it would have been nice if the module had a 'verbose' or 'log' arg.

-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip@taygeta.com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940
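
Added example, not part of the original thread or of Linux-PAM: a small audit of a PAM service file that flags pam_wheel auth rules lacking the 'debug' argument, based on the behaviour described in this thread (wheel-group denials are only logged with 'debug'). The sample file contents, function names and finding messages are constructed for illustration; only the pam_wheel.so line is taken from the thread.

```python
import re

# Constructed sample of /etc/pam.d/su (only the pam_wheel.so line is
# quoted from the thread; the other rules are illustrative).
SAMPLE_SU = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_unix.so
account    required     /lib/security/pam_unix.so
"""

# Fields: type, control (one word or a [value=action ...] list), module, args
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Yield (lineno, type, control, module, [args]) for each rule line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            ptype, control, module, args = m.groups()
            yield n, ptype.lstrip("-"), control, module, args.split()

def audit_wheel(text):
    """Return (lineno, message) findings for pam_wheel auth rules."""
    findings, seen = [], False
    for n, ptype, control, module, args in parse_pam(text):
        if ptype != "auth" or not module.endswith("pam_wheel.so"):
            continue
        seen = True
        if "debug" not in args:
            # Assumption from the thread: without 'debug' a wheel-group
            # denial leaves no syslog entry.
            findings.append((n, "pam_wheel without 'debug': denials not logged"))
    if not seen:
        findings.append((0, "no pam_wheel auth rule found"))
    return findings

if __name__ == "__main__":
    for lineno, msg in audit_wheel(SAMPLE_SU):
        print(f"line {lineno}: {msg}")
```

Backslash line continuations in PAM files are not handled by this sketch.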