Your message dated Tue, 21 Aug 2007 04:19:23 -0700
with message-id <[EMAIL PROTECTED]>
and subject line more complete log output
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libpam-modules
Version: 0.79-3.1
Severity: wishlist
When users punch in the wrong password to applications using PAM,
pam_unix logs these to auth.log, e.g.:
saslauthd[18553]: (pam_unix) authentication failure; logname= uid=0 euid=0
tty= ruser= rhost=
What I am missing is entries in the logname= and rhost= fields.
Could these please contain the requested username (if non-null), and
the IP or host address of the remote host respectively? I imagine
PAM has these data available at the time of the request.
Cheers,
-- System Information:
Debian Release: testing/unstable
APT prefers stable
APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages libpam-modules depends on:
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libdb4.3 4.3.29-5 Berkeley v4.3 Database Libraries [
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libselinux1 1.30-1 SELinux shared libraries
libpam-modules recommends no packages.
-- no debconf information
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
signature.asc
Description: Digital signature (GPG/PGP)
--- End Message ---
--- Begin Message ---
Hi Martin,
> When users punch in the wrong password to applications using PAM,
> pam_unix logs these to auth.log, e.g.:
> saslauthd[18553]: (pam_unix) authentication failure; logname= uid=0 euid=0
> tty= ruser= rhost=
> What I am missing is entries in the logname= and rhost= fields.
> Could these please contain the requested username (if non-null), and
> the IP or host address of the remote host respectively? I imagine
> PAM has these data available at the time of the request.
No, PAM does not have this data, or else it would have been logged here.
The rhost, ruser, and tty values must be set with pam_set_item() by the
calling application. If these are empty for you, this is a problem of the
particular application (or the application is one that has no concept of a
remote host/remote user/tty associated with a request).
The logname value is retrieved using Linux-PAM's internal implementation of
getlogin(). That function seems to have been broken in Linux-PAM 0.79;
however, getlogin() wouldn't be relevant at all for the case of saslauthd,
so I don't think that's really the bug you're interested in.
In any case, that bug is fixed upstream in 0.99.7.1, so I'm going to close
this bug.
For reference, here are the failure logs for pam_unix when called by su and
sudo, with each of pam 0.79 and 0.99.7.1:
su[6794]: (pam_unix) authentication failure; logname=uid=1000 euid=0 tty=pts/4
ruser=vorlon rhost= user=root
sudo: (pam_unix) authentication failure; logname=uid=0 euid=0 tty=pts/4 ruser=
rhost= user=vorlon
su[19983]: pam_unix(su:auth): authentication failure; logname=vorlon uid=1000
euid=0 tty=pts/4 ruser=vorlon rhost= user=root
sudo: pam_unix(sudo:auth): authentication failure; logname=vorlon uid=0 euid=0
tty=pts/4 ruser= rhost= user=vorlon
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--- End Message ---
