Bug 56288 - pam_unix fails to log password changes
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 7.2
Hardware: All Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
Keywords: Security
Reported: 2001-11-15 01:32 UTC by R P Herrold
Modified: 2007-04-18 16:38 UTC

Doc Type: Bug Fix
Last Closed: 2002-12-18 16:11:58 UTC


Description R P Herrold 2001-11-15 01:32:45 UTC
Credible auditing and sysadmin include being able to back-track changes 
on accounts.  Formerly RH provided a logged event when a password change 
occurred; this may be used to determine the pattern of unauthorized use 
of a host...

From a transcript on this topic:

> > > A colleague of mine noticed that as of RHL71 or RHL72, password 
> > > events are no longer syslogged at all.  Is this intentional?
> > 
> > I don't think so.  Is your colleague changing passwords using usermod
> > or passwd?  If it's being done with passwd, which PAM modules are 
> > used on the system?  Some of the messages might have been changed to
> > debug messages, as I do see more data in my debug log than in either
> > securelog or messages....


> > I can't find code in pam_unix or passwd itself which logs successful
> > non-NIS password changes, and I don't think there was any before 
> > (pam_pwdb does log successful password changes).  Do the old logs 
> > resemble "password for (username/uuid) changed by (username/uid)"?
> Yes; at least in RHL62, the following is logged:
> Nov 15 01:03:06 <elided> PAM_pwdb[2451]: password for (psa/158) 
> changed by (psa/158)
> This is not done in RHL72 at least.

Comment 1 Alan Cox 2002-12-18 16:11:58 UTC
Current RH is certainly providing this

"password changed for alan" is logged as expected

Users' own password changes are not logged

Closing as NOTABUG. Feel free to disagree if you think there should be a
facility to log own password changes
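
Added example (not part of the bug report, and not code from PAM or Red Hat): a Python parser for the two message formats quoted in this thread, which separates self-service password changes from changes made by another account or with no recorded actor. The sample lines, the hostname `host1`, and the `passwd(pam_unix)` syslog tag are constructed assumptions.

```python
import re

# Common syslog prefix: "Nov 15 01:03:06 host tag[pid]: "
PREFIX = (r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
          r"(?P<tag>[^\s\[:]+)(?:\[\d+\])?:\s")
# pam_pwdb form quoted in the description (RHL 6.2).
PWDB = re.compile(PREFIX + r"password for \((?P<target>[^/]+)/(?P<tuid>\d+)\) "
                           r"changed by \((?P<actor>[^/]+)/(?P<auid>\d+)\)\s*$")
# Form quoted in comment 1; it names the target account only.
UNIX = re.compile(PREFIX + r"password changed for (?P<target>\S+)\s*$")

def parse(line):
    """Return a password-change event dict, or None for unrelated lines."""
    m = PWDB.match(line)
    if m:
        d = m.groupdict()
        # Compare UIDs, not names: several names can map to one UID.
        return {"ts": d["ts"], "host": d["host"], "target": d["target"],
                "actor": d["actor"], "self_change": d["tuid"] == d["auid"]}
    m = UNIX.match(line)
    if m:
        d = m.groupdict()
        # No actor in this format, so self_change is unknown (None).
        return {"ts": d["ts"], "host": d["host"], "target": d["target"],
                "actor": None, "self_change": None}
    return None

def review(lines):
    """Return (all events, events not confirmed as self-service changes)."""
    events = [e for e in map(parse, lines) if e]
    flagged = [e for e in events if e["self_change"] is not True]
    return events, flagged

# Constructed sample input; only the message bodies follow the thread.
SAMPLE = [
    "Nov 15 01:03:06 host1 PAM_pwdb[2451]: password for (psa/158) changed by (psa/158)",
    "Nov 15 02:10:41 host1 PAM_pwdb[2502]: password for (psa/158) changed by (root/0)",
    "Dec 18 16:05:12 host1 passwd(pam_unix)[3310]: password changed for alan",
    "Dec 18 16:06:00 host1 sshd[812]: Accepted password for psa from 192.0.2.7 port 4022 ssh2",
]

if __name__ == "__main__":
    events, flagged = review(SAMPLE)
    for e in flagged:
        print(f"{e['ts']} {e['host']}: password for {e['target']} "
              f"changed by {e['actor'] or 'unrecorded actor'}")
```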
