Bug 124979
Summary: | pam_succeed_if.so generates noisy secure syslog msgs | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Scott Moorhouse <smoorhouse> | ||||
Component: | pam | Assignee: | Tomas Mraz <t8m> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 2 | CC: | bugzilla, mattdm, mike, mitr, oliva, pollock, shiva, t8m, zaitcev | ||||
Target Milestone: | --- | Keywords: | FutureFeature | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | pam-0.77-56 | Doc Type: | Enhancement | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2004-09-22 07:45:36 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Scott Moorhouse
2004-06-01 19:19:33 UTC
I got the same message last night as well, but my pam version is a tad higher... pam-0.77-44 Hard to know what to do about this one -- obviously there are a lot of cases where one would want to use this module and would very much want success or failure to be logged. Hmmm -- or maybe a flag which toggles whether success or failure is logged? In this particular use, the interesting case is when the uid *is* less than 100 -- not when the test fails. You make a good point, Matthew. log_pass, log_fail, log_both maybe? I was leaning toward Scott's view, but Matthew's right that in many cases you'd want that information logged. Perhaps flags to quiet the module would be better, since in this instance we don't care enough either way, and authconfig can pick up a versioned dependency on whichever pam package starts recognizing a "be more quiet" flag. See also bug 55193 where this noise was introduced. Created attachment 103674 [details]
Pro
For proposed patch see above. I've added 3 obvious parameters to the module - quiet (don't log success or failure), quiet_fail (don't log failure), quiet_success (don't log success). I have opened a new bug 133179 against authconfig to include the quiet option for pam_succeed_if in system-auth file. For an immediate workaround for people who do not need _any_ reports on this, in /etc/log.d/conf/services/secure.conf add dovecot-auth to $ignore_services These module parameters did not make it into the pam_succeed_if manpage in the FC3 release. Yes, please open a new bug for that issue. *** Bug 152061 has been marked as a duplicate of this bug. *** *** Bug 158103 has been marked as a duplicate of this bug. *** |