John,

On Mon, 11 Dec 2000, Steve Langasek wrote:

> FWIW, I've checked the behavior of pam_unix in Linux-PAM 0.72. The default
> behavior is to NOT log invalid usernames unless the 'audit' flag is turned on.
> If this server has Linux-PAM 0.72 installed (the most recent version that has
> shipped with a Linux distribution), and your password was still logged, then
> you may want to check to see how this untrusted sysadmin has configured the
> machine's PAM settings.

I was digging through the pam_unix logging code for other reasons this
weekend, and I noticed that you were right that Linux-PAM 0.72 will log an
invalid username -- I apologize for spreading misinformation. There is code
that allows for only logging invalid usernames when the 'audit' flag is on,
but it wasn't applied universally. The problem has been corrected now in CVS.

Regards,
Steve Langasek
postmodern programmer