From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Description of problem: Every five minutes cron wakes up, it logs authentication (PAM) actions to syslog. The root in this time not login to the system. This message repeat every 5 minutes (with different PID): Feb 20 11:30:01 seta crond(pam_unix)[4497]: session opened for user root by (uid=0) Feb 20 11:30:01 seta crond(pam_unix)[4500]: session opened for user root by (uid=0) Feb 20 11:30:01 seta crond(pam_unix)[4497]: session closed for user root Feb 20 11:30:01 seta crond(pam_unix)[4500]: session closed for user root Version-Release number of selected component (if applicable): vixie-cron-4.1-36.EL4 How reproducible: Always Steps to Reproduce: 1.install RHEL 4.0 update 2 2.login to the system 3.tail -f /var/log/secure Additional info: it looks like https://www.redhat.com/archives/fedora-list/2005-February/msg06858.html
For each cron job, cron opens a PAM session, to permit audit logging and authentication control with PAM . You can disable the generation of these PAM session messages as indicated in bug 173926 - edit the /etc/pam.d/crond file to read: # # The PAM configuration file for the cron daemon # # auth sufficient pam_rootok.so auth required pam_stack.so service=system-auth auth required pam_env.so account required pam_stack.so service=system-auth account required pam_access.so #session required pam_stack.so service=system-auth session required pam_loginuid.so This will prevent the PAM session log messages being generated for each cron job . Some users may consider the cron PAM session messages useful, and the /etc/pam.d/crond file is user configurable - so disabling the cron PAM session log messages is a user configuration choice, and should not be the default. *** This bug has been marked as a duplicate of 173926 ***