
Re: Audit-0.6.3 released



On Mon, 21 Feb 2005 14:55:38 CST, Klaus Weidner said:

> Try the following:
> 
> *** login
> 
> session    required     pam_selinux.so close
> session    required     pam_stack.so service=system-auth
> session    optional     pam_console.so
> session    required     pam_audit.so
> session    required     pam_selinux.so multiple open
> 
> *** sshd
> 
> session    required     pam_stack.so service=system-auth
> session    required     pam_audit.so

And presumably similar for gdm if such is in use..

> > For that matter, it's unclear if I can just stick it in the system-auth
> > that gets included by everybody.  Are there any cases where we *don't*
> > want it in there?
> 
> You don't want a new login UID assigned if someone uses 'su', 'sudo' or
> equivalent (that's the entire point of having a login UID maintained
> separately), so putting it into system-auth is not a good idea.

Ahh.. I *knew* there was a reason, I just couldn't put my finger on it. :)

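A check for the placement discussed in this thread, as an added example that is not part of the original message or the audit project's code: it reports login entry points that lack `pam_audit.so` and shared or identity-switching stacks that carry it. The service lists (`login sshd gdm`, `system-auth su sudo`) and the function names are assumptions drawn from the discussion.

```shell
#!/bin/sh
# Added example. Assumed service lists: entry points should load pam_audit.so,
# while shared/switching stacks must not (su/sudo would get a new login UID).
ENTRY_SERVICES="login sshd gdm"
NO_AUDIT_SERVICES="system-auth su sudo"

# has_pam_audit FILE: true if an uncommented session line loads pam_audit.so
has_pam_audit() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_audit\.so' "$1"
}

# uses_system_auth FILE: true if the session stack includes system-auth via pam_stack
uses_system_auth() {
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_stack\.so[[:space:]]+service=system-auth' "$1"
}

# check_pam_audit DIR: prints one finding per line; returns 0 if clean, 1 otherwise
check_pam_audit() {
    dir=$1
    rc=0
    for svc in $ENTRY_SERVICES; do
        [ -f "$dir/$svc" ] || continue          # not installed (e.g. no gdm)
        if ! has_pam_audit "$dir/$svc"; then
            echo "MISSING $svc: entry point does not load pam_audit.so"
            rc=1
        fi
    done
    for svc in $NO_AUDIT_SERVICES; do
        [ -f "$dir/$svc" ] || continue
        if has_pam_audit "$dir/$svc"; then
            echo "MISPLACED $svc: a new login UID would be assigned here"
            rc=1
        fi
    done
    # If system-auth carries the module, list every stack that pulls it in.
    if [ -f "$dir/system-auth" ] && has_pam_audit "$dir/system-auth"; then
        for f in "$dir"/*; do
            if uses_system_auth "$f"; then
                echo "INHERITS ${f##*/}: gets pam_audit.so through system-auth"
            fi
        done
    fi
    return $rc
}
```

Run it as `check_pam_audit /etc/pam.d`; a non-zero return means at least one MISSING or MISPLACED finding was printed.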

