Red Hat Bugzilla – Bug 161230
gdm create spurious audit entries
Last modified: 2007-11-30 17:07:18 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4
Description of problem:
Testing has shown that there is a spurious audit message being generated by gdm:
type=USER_ERR msg=audit(06/21/05 09:44:32.699:783952) : user pid=2155 uid=root
auid=unknown(4294967295) msg='PAM bad_ident: user=? exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=? result=User not known to the underlying authentication module)'
This causes the audit system to log what could be interpretted as "suspicious" events.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install audit package
2. reboot into run level 5
3. ausearch -i -x gdm
Actual Results: Among other things you will find a USER_ERR message with no PAM_USER.
Created attachment 115763 [details]
This patch simply disables the checking call to pam which is not necessary when
gdm is part of the distribution and not manually installed from sources by
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.