Is it possible for a module to retrieve the attempted username in a failed
login if the user does not exist on the machine?
The module pam_abl[1] can only show NOUSER[2] when a login failure occurs
with an invalid username.
Sep 25 19:18:36 sasami pam_abl[5562]: Blocking access from chenling.net to service sshd, user root
Sep 25 19:18:40 sasami pam_abl[2502]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:43 sasami pam_abl[6949]: Blocking access from chenling.net to service sshd, user mysql
Sep 25 19:18:47 sasami pam_abl[30397]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:50 sasami pam_abl[30622]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:54 sasami pam_abl[3720]: Blocking access from chenling.net to service sshd, user NOUSER
Sep 25 19:18:58 sasami pam_abl[14504]: Blocking access from chenling.net to service sshd, user root
Sep 25 19:19:01 sasami pam_abl[10341]: Blocking access from chenling.net to service sshd, user root
I'd like to know what actual username was attempted, instead of "NOUSER".
Is it possible or would this need to be a modification to PAM?
-Dan
[1] http://www.hexten.net/pam_abl/
[2] http://www.hexten.net/bugzilla/show_bug.cgi?id=13
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list