Bug 24684 - login logs non-existing user (failed)logins to /var/log/btmp
login logs non-existing user (failed)logins to /var/log/btmp
Product: Red Hat Linux
Classification: Retired
Component: util-linux (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-01-23 08:29 EST by Jarno Huuskonen
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-01-23 08:29:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jarno Huuskonen 2001-01-23 08:29:35 EST
util-linux login logs failed login attempts to /var/log/btmp.
This logging happens even if the user doesn't exist.

This can be fixed by not logging to btmp if pam retcode is

Here's a patch I made:

--- util-linux-2.10f/login-utils/login.c-orig   Tue Jan 23 14:22:09 2001
+++ util-linux-2.10f/login-utils/login.c        Tue Jan 23 14:23:33 2001
@@ -592,7 +592,9 @@
            pam_get_item(pamh, PAM_USER, (const void **) &username);
            syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"),
                failcount, hostname, username, pam_strerror(pamh,
-           logbtmp(ttyn + 5, username, hostname);
+                       /* Don't log to btmp if the user doesn't exist */
+                       if ( retcode != PAM_USER_UNKNOWN )
+                               logbtmp(ttyn + 5, username, hostname);
            fprintf(stderr,_("Login incorrect\n\n"));
            retcode = pam_authenticate(pamh, 0);
Comment 1 Nalin Dahyabhai 2001-01-24 20:39:26 EST
Transient errors on a network (i.e., downed NIS server) can also
cause real users to come up as "unknown".  The btmp file (according
to the lastb man page) logs "bad login attempts", and I believe
these qualify.

If the issue is one of preventing users from seeing other users'
passwords when said users aren't being observant while logging in,
fixing the permissions on the file (or removing it) is simpler.

Note You need to log in before you can comment on or make changes to this bug.