The following patch adds syslog message to pam_loginuid to log if the required auditd is not detected. It is currently not easy for sysadmin to find out what caused the PAM failure if the required_auditd option is used and auditd is not running. OK to commit? diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 73c42f9..9a1589e 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -234,6 +234,8 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, if (require_auditd) { int rc = check_auditd(); + if (rc != PAM_SUCCESS) + pam_syslog(pamh, LOG_ERR, "required running auditd not detected"); return rc != PAM_SUCCESS ? rc : ret; } else #endif -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.)