From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6

Description of problem:
If you are using nss_ldap and pam_ldap, and in authconfig select to use LDAP as authentication, these lines are configured in /etc/pam.d/system-auth:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

This makes it first try to authenticate a user against /etc/passwd, and you get the error.

Instead, authconfig should configure /etc/pam.d/system-auth like this:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so

Version-Release number of selected component (if applicable):
authconfig-4.3.4-1

How reproducible:
Always

Steps to Reproduce:
1. Configure to authenticate against LDAP in authconfig
2. Log in as a user that is in the LDAP user DB

Actual Results:
You get this entry in /var/log/messages:

Jul 20 15:04:49 server pop(pam_unix)[27864]: check pass; user unknown
Jul 20 15:04:49 server pop(pam_unix)[27864]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 20 15:04:49 server ipop3d[27864]: Login user=user1 host=host.example.com[192.168.210.3] nmsgs=1/1
Jul 20 15:04:50 server ipop3d[27864]: Logout user=user1 host=host.example.com [192.168.210.3] nmsgs=0 ndele=1

Additional info:
You get these 2 lines for every login attempt using any service: login, pop3, imap, ssh, etc.

Jul 20 15:04:49 server (pam_unix)[27864]: check pass; user unknown
Jul 20 15:04:49 server (pam_unix)[27864]: authentication failure;

These overload syslog, cause an unnecessary delay and waste disk space.

Also, please note that when using the current authconfig settings, the imap and pop3 daemons log their messages in /var/log/messages. But, after applying my patch, they log the messages in /var/log/maillog. These 2 lines are the messages logged now in /var/log/maillog:

Jul 20 15:04:49 server ipop3d[27864]: Login user=user1 host=host.example.com[192.168.210.3] nmsgs=1/1
Jul 20 15:04:50 server ipop3d[27864]: Logout user=user1 host=host.example.com [192.168.210.3] nmsgs=0 ndele=1

I think that logging in /var/log/maillog is the desired behavior for imap and pop3 (both from the wu-imap package).

This is WONTFIX as:

1. The module pam_unix can't be removed from system-auth since it would completely disable the local logins (root, for example). The syslogging can't be switched off because these messages are valid in case there is no other auth pam module in the system-auth, and the pam_unix module can't know if it's the only module in the auth stack.

2. The logging of imap, pop3 in messages is a bug, but it's a bug of the wu-imap package because it should reopen syslog after calling pam. There is no way to do it right in pam. Another possibility would be not to openlog in pam_unix, but this could be problematic in other situations.
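
Added example (not part of the bug report, authconfig or PAM): a Python sketch that splits the pam_unix failure lines discussed above into those followed by a login from the same process, meaning a later module in the stack accepted the user, and those with no login after them. It assumes the service writes a "Login user=" line as ipop3d does in the report; the PID 27901 entries and the name classify are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines follow the report; PID 27901 is invented.
SAMPLE = """\
Jul 20 15:04:49 server pop(pam_unix)[27864]: check pass; user unknown
Jul 20 15:04:49 server pop(pam_unix)[27864]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 20 15:04:49 server ipop3d[27864]: Login user=user1 host=host.example.com[192.168.210.3] nmsgs=1/1
Jul 20 15:04:50 server ipop3d[27864]: Logout user=user1 host=host.example.com [192.168.210.3] nmsgs=0 ndele=1
Jul 20 15:06:10 server pop(pam_unix)[27901]: check pass; user unknown
Jul 20 15:06:10 server pop(pam_unix)[27901]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
"""

# Fields: timestamp, host, tag ("pop(pam_unix)", "(pam_unix)", "ipop3d"), pid, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\[\s]*)\[(\d+)\]: (.*)$")


def classify(log_text):
    """Return (fallthrough, unresolved) lists of pam_unix failure lines."""
    pending = defaultdict(list)  # (host, pid) -> failures awaiting an outcome
    fallthrough = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, host, tag, pid, msg = m.groups()
        key = (host, pid)
        if "(pam_unix)" in tag:
            if msg.startswith("authentication failure"):
                pending[key].append(raw)
        elif msg.startswith("Login user="):
            # Assumption: this line means the same process completed a login,
            # so another auth module accepted what pam_unix rejected.
            fallthrough.extend(pending.pop(key, []))
    # Anything left never led to a login: a genuinely failed attempt.
    unresolved = [line for lines in pending.values() for line in lines]
    return fallthrough, unresolved


if __name__ == "__main__":
    noise, failed = classify(SAMPLE)
    for line in noise:
        print("fallthrough:", line)
    for line in failed:
        print("unresolved: ", line)
```

PIDs are reused over time, so run this over a bounded window of the log rather than over months of history.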