HI, Finally, I found it out the order of pam_loginuid was wrong. It should be the first part of session required modules. Now, it works Thanks a lot
On Thu, Jul 25, 2013 at 4:58 PM, zhu xiuming <[email protected]> wrote: > So, what should be the right settings for pam_loginuid? Is there any > documentation ? > > thanks a lot > > > On Thu, Jul 25, 2013 at 4:54 PM, Steve Grubb <[email protected]> wrote: > >> On Thursday, July 25, 2013 03:35:52 PM zhu xiuming wrote: >> > The problem is, cat /proc/self/loginuid is still 4294967295 if I login. >> > >> > However, I do see lots of events the auid is 0. I even see auid change >> > reflect in the event. >> > Like >> > >> > type=LOGIN msg=audit(07/20/2013 17:45:01.502:40221) : login pid=4952 >> > uid=root old auid=unset new auid=root >> >> This would be a root login. Which should be forbidden since root is a >> shared >> account amongst admins. >> >> >> > So, I am really confused. >> >> Something is wrong in your pam setup. You might check the compile flags >> or if >> pam_loginuid is in the right section. But that is undoubtedly the problem. >> >> -Steve >> > >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
