On Thu, Sep 24, Tomas Mraz wrote:
The following patch adds a syslog message to pam_loginuid to log if the
required auditd is not detected. It is currently not easy for a sysadmin
to find out what caused the PAM failure if the required_auditd option is
used and auditd is not running. OK to commit?
Fine with me.
Thorsten
diff --git a/modules/pam_loginuid/pam_loginuid.c
b/modules/pam_loginuid/pam_loginuid.c
index 73c42f9..9a1589e 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -234,6 +234,8 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED,
if (require_auditd) {
int rc = check_auditd();
+ if (rc != PAM_SUCCESS)
+ pam_syslog(pamh, LOG_ERR, "required running auditd not
detected");
return rc != PAM_SUCCESS ? rc : ret;
} else
#endif
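Review bot: the pam_syslog() call added ahead of the return logs one fixed string for every non-success rc from check_auditd(), so the log entry does not show which code the module then returns; consider passing it along, for example pam_strerror(pamh, rc) as a %s argument. The message could also name the option so the admin can tie it back to the PAM configuration line; the hunk's variable is require_auditd while the description writes required_auditd, so the spelling is worth confirming. The string literal appears split across two lines here, which will not compile if the mailer wrapped it in the patch as sent.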
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
_______________________________________________
Pam-developers mailing list
Pam-developers(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/pam-developers
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)