User Audit question
Chad Hanson
chanson at TrustedCS.com
Wed May 18 19:11:50 UTC 2005
Hi,
Currently what is the expected behavior of non-setuid root applications
which utilize the PAM framework? We were doing some testing with newrole
(non-setuid root) which uses PAM for authentication but fails to audit
(unless you are root) authentication records due to lack of audit
capabilities. Newrole succeeds normally without being setuid because
password checking happens via a setuid helper. Is there an idea of such a
helper for the PAM audit framework? Or should newrole be a setuid root
application?
I apologize if this has been covered previously. Also this was using the FC4
T3 kernel and PAM.
Thanks,
-Chad
_______________________________________
Chad Hanson
Manager, Trusted Operating Systems Lab
Trusted Computer Solutions
121 W Goose Alley
Urbana, IL 61801
www.TrustedCS.com
V: 217.384.0028 ext 12
F: 217.384.0288
E: chanson at TrustedCS.com
More information about the Linux-audit
mailing list