Re: How To Log Password Change

From: Bob Holding (etchttpd_at_yahoo.com)
Date: 08/28/04

  • Next message: Neil Zanella: "Re: xhost/xauth stuff: question" 
    Date: 28 Aug 2004 12:40:41 -0700

    Michael Heiming <michael+USENET@www.heiming.de> wrote in message news:<5ku502-3lp.ln1@news.heiming.de>...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    > NotDashEscaped: You need GnuPG to verify this message
    >
    > In comp.os.linux.security Bob Holding <etchttpd@yahoo.com> suggested:
    > > There have been a few posts about this, but no answer...
    >
    > > Fedora Core 1 will send a bad password change to syslog, but not a
    > > vanilla password change... Any suggestions on how I can log regular
    > > password changes?
    >
    > > My first thought was to modify the source to passwd. So, I grabbed
    > [..]
    >
    > No need, take a look at:
    > /usr/share/doc/pam-*/txts/README.pam_pwdb
    >
    > And modify your pam configuration accordingly until it does what
    > you want.
    >
    > Good luck
    > ...

    Cool. Thanks for the tip! After doing a little more research I found
    http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.19
    and
    http://www.linux.cu/documentos/RedHat/ref-guide/s1-sysadmin-auth.htm

    The latter had this example for /etc/pam.d/passwd:

    #%PAM-1.0
    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_pwdb.so shadow nullok
    auth required /lib/security/pam_nologin.so
    account required /lib/security/pam_pwdb.so
    password required /lib/security/pam_cracklib.so
    password required /lib/security/pam_pwdb.so shadow nullok
    use_authtok
    session required /lib/security/pam_pwdb.so

    So, if anyone else wants to log password changes, modify
    /etc/pam.d/passwd (your PAM configuration file(s) may vary...) and
    you're good to go... The above PAM passwd config works for me.

  • Next message: Neil Zanella: "Re: xhost/xauth stuff: question"