On Mon, Aug 03, Jason Gerfen wrote: > Thorsten Kukuk wrote: > > On Mon, Aug 03, Jason Gerfen wrote: > > > >> I have a quick question regarding the pam stack. > >> > >> The reason I am asking is I am receiving errors and am unable to figure > >> out which module is logging the 'UNKNOWN' user message. I used to think > >> it was the pam_unix module but it seems I am wrong. > >> > >> Here is a quick snippit of the log (/var/log/auth.log) > >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check > >> pass; user unknown > >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): > >> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= ^^^^^^^^^^^^^^^^^^^^^^^ > >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching > >> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'... > >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found > >> 'testuser' in 'ad', proceeding to resolve to uid/gid pair... > >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication > >> succeeds for 'testuser' (testuser@xxxxxxxx) > >> Aug 3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR > >> `UNKNOWN', User not known to the underlying authentication module > >> > >> Not sure what module is sending that last line to the logs. Any help is > >> appreciated. > > > > The login application itself, as result of the pam_unix failure. > > > > Thorsten > > > So at least one module is not returning the PAM_SUCCESS flag? If a module reports an authentication error, it will of course not return the PAM_SUCCESS flag. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list