My logs are getting filled with:
crond[27300]: pam_succeed_if: requirement "uid < 100" was met by user "root" crond[27303]: pam_succeed_if: requirement "uid < 100" was met by user "root"
Not sure which job is doing this, but it is getting noisy.. I dont want to think what 2000 machines will do to our central mail and log servers :).
Any ideas how I can track this down to better bugzilla?
Am Mi, den 29.09.2004 schrieb Stephen J. Smoogen um 17:34:
My logs are getting filled with:
crond[27300]: pam_succeed_if: requirement "uid < 100" was met by user "root" crond[27303]: pam_succeed_if: requirement "uid < 100" was met by user "root"
Not sure which job is doing this, but it is getting noisy.. I dont want to think what 2000 machines will do to our central mail and log servers :).
Any ideas how I can track this down to better bugzilla?
Stephen J Smoogen.
The log entries are cause by /etc/pam.d/system-auth -->
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
Check /var/log/secure on how often this entry occurs. Is it caused by cron hourly?
Alexander
On Wed, 2004-09-29 at 08:34, Stephen J. Smoogen wrote:
My logs are getting filled with:
crond[27300]: pam_succeed_if: requirement "uid < 100" was met by user "root"
Not sure which job is doing this, but it is getting noisy.. I dont want to think what 2000 machines will do to our central mail and log servers :).
As I recall this was added to fix a problem when using LDAP authentication. Without it if the LDAP server was unreachable even local logins (i.e. root) were disabled. If you're not using LDAP it is safe to comment out. There was also talk of adding a "quiet" option to this pam module, not sure of the status though.
Brian Gaynor (briang@pmccorp.com) said:
As I recall this was added to fix a problem when using LDAP authentication. Without it if the LDAP server was unreachable even local logins (i.e. root) were disabled. If you're not using LDAP it is safe to comment out. There was also talk of adding a "quiet" option to this pam module, not sure of the status though.
The pam module has a 'quiet' option; authconfig does not set it by default (yet).
Bill
On Wed, 29 Sep 2004 16:55:52 -0400, Bill Nottingham notting@redhat.com wrote:
Brian Gaynor (briang@pmccorp.com) said:
As I recall this was added to fix a problem when using LDAP authentication. Without it if the LDAP server was unreachable even local logins (i.e. root) were disabled. If you're not using LDAP it is safe to comment out. There was also talk of adding a "quiet" option to this pam module, not sure of the status though.
The pam module has a 'quiet' option; authconfig does not set it by default (yet).
The man page for pam_succeed_if also needs to be updated.. it doesnt mention a quiet option.
-
Alexander Dalloz -
Bill Nottingham -
Brian Gaynor -
Stephen John Smoogen