From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
By default, pam_succeed_if.so is the first module in the system-auth account stack, checking if the userid is less than 100 (I assume to avoid unnecessary name service lookups for system accounts?). Each time this stack is traversed for a non-system user, pam_succeed_if generates an authpriv.info message:

pam_succeed_if: requirement "uid < 100" not met by user "username"

This will send an authpriv.info message every time a (non-system) user logs into dovecot, for instance, if dovecot is configured to check accounts with pam. This seems like a lot of log pollution for a commonplace and benign activity.

Version-Release number of selected component (if applicable):
pam-0.77-40
I got the same message last night as well, but my pam version is a tad higher... pam-0.77-44
Hard to know what to do about this one -- obviously there are a lot of cases where one would want to use this module and would very much want success or failure to be logged. Hmmm -- or maybe a flag which toggles whether success or failure is logged? In this particular use, the interesting case is when the uid *is* less than 100 -- not when the test fails.
You make a good point, Matthew. log_pass, log_fail, log_both maybe?
I was leaning toward Scott's view, but Matthew's right that in many cases you'd want that information logged. Perhaps flags to quiet the module would be better, since in this instance we don't care enough either way, and authconfig can pick up a versioned dependency on whichever pam package starts recognizing a "be more quiet" flag.
See also bug 55193 where this noise was introduced.
Created attachment 103674 [details] Pro
For proposed patch see above. I've added 3 obvious parameters to the module - quiet (don't log success or failure), quiet_fail (don't log failure), quiet_success (don't log success).
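To see what each of the three parameters would remove from an existing authpriv log before changing system-auth, here is an added example (not part of the attached patch or of pam itself). The log lines are constructed, the "was met" wording for the success message is an assumption, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Failure wording is the one quoted in this report; the "was met"
# success wording is an assumption about the module's other message.
MSG = re.compile(
    r'pam_succeed_if[^:]*: requirement "(?P<req>[^"]+)" '
    r'(?P<outcome>not met|was met) by user "(?P<user>[^"]*)"'
)

# Parameter semantics as described in the comment above.
SUPPRESSES = {
    "quiet": {"success", "failure"},
    "quiet_fail": {"failure"},
    "quiet_success": {"success"},
}

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    'Aug  3 10:00:01 mail dovecot-auth: pam_succeed_if: requirement "uid < 100" not met by user "alice"',
    'Aug  3 10:00:07 mail dovecot-auth: pam_succeed_if: requirement "uid < 100" not met by user "bob"',
    'Aug  3 10:01:12 mail sshd: pam_succeed_if: requirement "uid < 100" was met by user "root"',
    'Aug  3 10:02:30 mail sshd[2211]: Failed password for alice from 192.0.2.10 port 40022 ssh2',
]

def triage(lines, flags):
    """Split lines into those still logged under `flags` and a count of
    suppressed pam_succeed_if messages keyed by (requirement, outcome)."""
    hidden = set()
    for flag in flags:
        hidden |= SUPPRESSES[flag]  # KeyError on an unknown parameter
    kept, dropped = [], Counter()
    for line in lines:
        m = MSG.search(line)
        if m is None:
            kept.append(line)  # other authpriv messages are unaffected
            continue
        outcome = "failure" if m["outcome"] == "not met" else "success"
        if outcome in hidden:
            dropped[(m["req"], outcome)] += 1
        else:
            kept.append(line)
    return kept, dropped

if __name__ == "__main__":
    for flags in ([], ["quiet_fail"], ["quiet"]):
        kept, dropped = triage(SAMPLE, flags)
        print(flags or "(no flags)", "kept:", len(kept), "dropped:", dict(dropped))
```

With `quiet_fail` the per-login noise disappears while the match on a system account, the case called interesting earlier in this bug, is still logged.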
I have opened a new bug 133179 against authconfig to include the quiet option for pam_succeed_if in system-auth file.
For an immediate workaround for people who do not need _any_ reports on this, in /etc/log.d/conf/services/secure.conf add dovecot-auth to $ignore_services
These module parameters did not make it into the pam_succeed_if manpage in the FC3 release.
Yes, please open a new bug for that issue.
*** Bug 152061 has been marked as a duplicate of this bug. ***
*** Bug 158103 has been marked as a duplicate of this bug. ***