Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 161230

Summary: gdm create spurious audit entries
Product: Red Hat Enterprise Linux 4 Reporter: Steve Grubb <sgrubb>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED ERRATA QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: high    
Version: 4.0CC: tmraz
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2005-644 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-05 15:32:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 113381, 156322, 159338    
Attachments:
Description Flags
Proposed patch none

Description Steve Grubb 2005-06-21 15:48:59 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Testing has shown that there is a spurious audit message being generated by gdm:

type=USER_ERR msg=audit(06/21/05 09:44:32.699:783952) : user pid=2155 uid=root 
auid=unknown(4294967295) msg='PAM bad_ident: user=? exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=? result=User not known to the underlying authentication module)'

This causes the audit system to log what could be interpretted as "suspicious" events.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. install audit package
2. reboot into run level 5
3. ausearch -i -x gdm
  

Actual Results:  Among other things you will find a USER_ERR message with no PAM_USER.

Additional info:
Comment 1 Tomas Mraz 2005-06-21 16:53:00 UTC 
Created attachment 115763 [details]
Proposed patch

This patch simply disables the checking call to pam which is not necessary when
gdm is part of the distribution and not manually installed from sources by
user.
Comment 6 Red Hat Bugzilla 2005-10-05 15:32:59 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-644.html