Re: pam_wheel.so not loggingFrom: Skip Carter (firstname.lastname@example.org)
- Previous message: Thiago Conde Figueiro: "pam_wheel.so not logging"
- Maybe in reply to: Thiago Conde Figueiro: "pam_wheel.so not logging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Thiago Conde Figueiro <email@example.com> Date: Tue, 04 Dec 2001 10:18:29 -0800 From: Skip Carter <firstname.lastname@example.org>
> Today I came across this issue on one of our RedHat 7.2 servers and I don't really know if this is the expected behavior. I enabled pam_wheel.so on /etc/pam.d/su as follows:
> auth required /lib/security/pam_wheel.so use_uid
> so that any user trying to su must be in the wheel group. If the user supplies the wrong password for root an entry is generated on syslog:
> Dec 4 11:39:22 localhost su(pam_unix): authentication failure; logname=user uid=502 euid=0 tty= ruser= rhost= user=root
> If the user knows the password for root but is not on the wheel group, he's denied authentication, as expected. However, no entry on the log is generated. It would be nice to know if a user who knows the password for root was denied authentication because he/she is not in the wheel group.
> Any thoughts?
This is what is expected (at least its the way the module is coded). The auth
was generated by the pam_unix module, NOT pam_wheel. If you add the arg
auth required /lib/security/pam_wheel.so use_uid debug
You will get the additional logging that you want (along with some extra stuff
IS only useful when debugging); it would have been nice of the module had a
'verbose' or 'log'
-- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: email@example.com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940