I believe these msgs are harmless.

You may set syslog to be less verbose; the default /etc/syslog.conf that comes
bundled with RH has "*.info" set, see "man syslog.conf".

Remove *.info from this line and "pkill -HUP syslogd".

#*.info;mail.none;authpriv.none;cron.none    /var/log/messages
mail.none;authpriv.none;cron.none    /var/log/messages

Gary

-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Oliver Schulze L.
Sent: Thursday, April 28, 2005 11:56 PM
To: pam-list@xxxxxxxxxx
Subject: The infamous "check pass; user unknown"

Hi,
I don't know if this is the correct list for this, but this is my problem.

I have Linux (RH9/Fedora/RHEL4) set up with ldap for local accounts, that is,
for replacing the /etc/passwd with ldap. All is working correctly.

I have run 'authconfig' and the program configured /etc/ldap.conf and
/etc/nsswitch.conf

The problem is that in /var/log/messages I get these 2 lines for every
*successful* login. That is for every kind of login: console, pop3, imap,
ssh, etc.

Apr 28 11:53:00 server app(pam_unix)[13817]: check pass; user unknown
Apr 28 11:53:00 server app(pam_unix)[13817]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

The string server is the hostname, the string app is the application that
the user used for logging in, like login, sshd, dovecot, etc.

I wonder if there is a solution for this, or is it some kind of limitation or
a message that cannot be suppressed using the combination of
pam/ldap/nss_ldap?

Many thanks
Oliver

--
Oliver Schulze L.
<oliver@xxxxxxxxxxxxx>

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
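
An added example, not part of the original thread: a small Python parser for the pam_unix line format quoted above. It counts, per application, how many "check pass; user unknown" lines are followed by an "authentication failure" from the same process, which shows how much of /var/log/messages this pattern accounts for before syslog verbosity is changed. The sample log lines and the function name pair_counts are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post: hostname "server",
# application name before "(pam_unix)", PID in square brackets.
SAMPLE = """\
Apr 28 11:53:00 server sshd(pam_unix)[13817]: check pass; user unknown
Apr 28 11:53:00 server sshd(pam_unix)[13817]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 28 11:54:10 server dovecot(pam_unix)[13901]: check pass; user unknown
Apr 28 11:54:10 server dovecot(pam_unix)[13901]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 28 11:55:02 server sshd(pam_unix)[13950]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 28 11:56:30 server login(pam_unix)[14002]: check pass; user unknown
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<app>[^\s(]+)\(pam_unix\)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

def pair_counts(text):
    """Return (pairs, unpaired): per-application counts of the two-line
    pattern from the post, and of pam_unix lines that occur without it."""
    pending = set()  # (app, pid) that logged "check pass; user unknown"
    pairs, unpaired = Counter(), Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pam_unix line in this format
        key, msg = (m["app"], m["pid"]), m["msg"]
        if msg.startswith("check pass; user unknown"):
            if key in pending:
                unpaired[m["app"]] += 1  # earlier line never got its pair
            pending.add(key)
        elif msg.startswith("authentication failure;"):
            if key in pending:
                pending.discard(key)
                pairs[m["app"]] += 1
            else:
                unpaired[m["app"]] += 1  # failure without "user unknown"
    for app, _pid in pending:
        unpaired[app] += 1  # "user unknown" with no failure line after it
    return dict(pairs), dict(unpaired)

if __name__ == "__main__":
    pairs, unpaired = pair_counts(SAMPLE)
    print("paired:", pairs)
    print("unpaired:", unpaired)
```

Lines counted as unpaired do not match the pattern described in the post and are worth reading individually.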