[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit-0.6.3 released



On Mon, Feb 21, 2005 at 03:18:55PM -0500, Valdis Kletnieks vt edu wrote:
> On Sun, 20 Feb 2005 16:26:49 EST, Steve Grubb said:
> > Pam_audit was updated to write loginuid to /proc/pid/loginuid.
> > Because of the way pam works, this is done in the parent process and
> > the login uid is inherited by the child. This does not work for sshd
> > because of privilege separation. I'll have to patch that directly.
> 
> OK, I'm a PAM idiot, and the manpage doesn't help much...
> 
> It's unclear where pam_audit should be placed relative to other pam
> exits.

Try the following:

*** login

session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
session    required     pam_audit.so
session    required     pam_selinux.so multiple open

*** sshd

session    required     pam_stack.so service=system-auth
session    required     pam_audit.so

> For that matter, it's unclear if I can just stick it in the system-auth
> that gets included by everybody.  Are there any cases where we *don't*
> want it in there?

You don't want a new login UID assigned if someone uses 'su', 'sudo' or
equivalent (that's the entire point of having a login UID maintained
separately), so putting it into system-auth is not a good idea.

-Klaus


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]