Bug 152061

Summary: pam_succeed_if PAM module sending "authpriv" syslog messages even if "debug" not specified.
Product: [Fedora] Fedora Reporter: Wayne Pollock <pollock>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-24 18:04:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wayne Pollock 2005-03-24 17:41:55 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

Description of problem:
This PAM module is used in the default "system-auth" PAM configuration
file.  Every login attempt gets logged with this module as
a "authpriv" event, priority unknown.  However this is the behavior
expected if the "debug" module argument was used, not if it is omitted.
There doesn't seem to be any way to stop this module from reporting these
events!

Version-Release number of selected component (if applicable):
pam-0.77-40

How reproducible:
Always

Steps to Reproduce:
1. log in as a non-system account (UID > 100)
2. Examine /var/log/secure and observe log message

  

Actual Results:  Mar 24 13:19:11 cws sshd[22657]: pam_succeed_if: requirement "uid < 100" not met by user "wpollock"


Expected Results:  No log message, as the "debug" argument is not passed to the module

Additional info:

/etc/pam.d/system-auth line:

account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
Comment 1 Tomas Mraz 2005-03-24 18:04:41 UTC 
This doesn't have anything with the debug parameter. This syslog message can be
useful not only for debugging however in other cases (like this usage in the
default system-auth) it's superfluous. This is fixed in current FC3 pam.


*** This bug has been marked as a duplicate of 124979 ***