Bug 24684 - login logs non-existing user (failed) logins to /var/log/btmp
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 6.2
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: David Lawrence
Depends On:
Reported: 2001-01-23 13:29 UTC by Jarno Huuskonen
Modified: 2007-04-18 16:30 UTC (History)

Clone Of:
Last Closed: 2001-01-23 13:29:38 UTC

Description Jarno Huuskonen 2001-01-23 13:29:35 UTC
util-linux login logs failed login attempts to /var/log/btmp.
This logging happens even if the user doesn't exist.

This can be fixed by not logging to btmp if pam retcode is

Here's a patch I made:

--- util-linux-2.10f/login-utils/login.c-orig   Tue Jan 23 14:22:09 2001
+++ util-linux-2.10f/login-utils/login.c        Tue Jan 23 14:23:33 2001
@@ -592,7 +592,9 @@
            pam_get_item(pamh, PAM_USER, (const void **) &username);
            syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
                failcount, hostname, username, pam_strerror(pamh,
-           logbtmp(ttyn + 5, username, hostname);
+                       /* Don't log to btmp if the user doesn't exist */
+                       if ( retcode != PAM_USER_UNKNOWN )
+                               logbtmp(ttyn + 5, username, hostname);
            fprintf(stderr,_("Login incorrect\n\n"));
            retcode = pam_authenticate(pamh, 0);
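
Review bot: the new `retcode != PAM_USER_UNKNOWN` guard wraps only `logbtmp(ttyn + 5, username, hostname)`; the `syslog(LOG_NOTICE, ... FOR %s ...)` call in the context lines just above it still writes the same `username` on every failure, so text typed at the login prompt for a non-existent account is still recorded, only in a different log. If keeping that text out of logs is the intent, the syslog call needs the same condition, or a fixed placeholder in place of `username`. Skipping `logbtmp()` outright also means these failures leave no btmp record at all; writing the record with a placeholder user name would keep the attempt, tty and host visible. The three added lines are also indented deeper than the surrounding code and should match it.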

Comment 1 Nalin Dahyabhai 2001-01-25 01:39:26 UTC
Transient errors on a network (i.e., downed NIS server) can also
cause real users to come up as "unknown".  The btmp file (according
to the lastb man page) logs "bad login attempts", and I believe
these qualify.

If the issue is one of preventing users from seeing other users'
passwords when said users aren't being observant while logging in,
fixing the permissions on the file (or removing it) is simpler.
