Red Hat Bugzilla – Bug 232896
gdm create spurious audit entries
Last modified: 2008-06-17 09:28:29 EDT
+++ This bug was initially created as a clone of Bug #230401 +++
I cloned the RHEL4 bug report as it seems that this one somehow stayed unfixed
in Fedora and RHEL5. There was an errata for RHEL4 with this.
+++ This bug was initially created as a clone of Bug #161230 +++
Description of problem:
Testing has shown that there is a spurious audit message being generated by gdm:
type=USER_ERR msg=audit(06/21/05 09:44:32.699:783952) : user pid=2155 uid=root
auid=unknown(4294967295) msg='PAM bad_ident: user=? exe="/usr/bin/gdm-binary"
(hostname=?, addr=?, terminal=? result=User not known to the underlying
This causes the audit system to log what could be interpretted as "suspicious"
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install audit package
2. reboot into run level 5
3. ausearch -i -x gdm
Actual Results: Among other things you will find a USER_ERR message with no
-- Additional comment from email@example.com on 2005-06-21 12:53 EST --
Created an attachment (id=115763)
This patch simply disables the checking call to pam which is not necessary when
gdm is part of the distribution and not manually installed from sources by
-- Additional comment from firstname.lastname@example.org on 2007-03-06 14:17 EST --
This should be built into rawhide now.
Is there a RHEL5 bug somewhere too?
-- Additional comment from email@example.com on 2007-03-19 07:19 EST --
Probably not. I'll clone this one.
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release. Since this
bugzilla is in a component that is not approved for the current
release, it has been closed with resolution deferred. You may
reopen this bugzilla for consideration in the next release.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
should be fixed in gdm-2.16.0-35.el5
marking MODIFIED for QA
hmm, i wonder how i managed to build this without a qa ack...
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.