PAM touching shadow?
I've been fighting with this problem for a few weeks now, and I think I've
at least narrowed it down to a package. I am using the SNARE auditing
package to monitor activity on machines attached to a local network; a
requirement by the government organization we work with. Unfortunately,
however, our workstations running xscreensaver have SNARE reporting that
the (non-root) logged-in user unsuccessfully attempts to touch the
/etc/shadow file, with timestamps that correspond to the exact times that
the user unlocks the window via xscreensaver.
I have narrowed it down to PAM (I think), as I've recompiled xscreensaver
with absolutely no passwd references; only the PAM libraries compiled in,
and the problem still presents itself. Does anyone know if PAM is making
this call at some point, and if so, what is the reason behind it? Is PAM
just doing a sanity permission check on the shadow file?
Any input (other than ignoring the error, which is unacceptable to our
sponsors) would be appreciated.
Regards,
Eric
P.S. -- System is RH 9 Stable, updates current as of 7-12-04.
*********************************************************************
Eric Reischer emr@xxxxxxxxxxxxxxx
"The greater our knowledge increases,
the greater our ignorance unfolds." -- John F. Kennedy
*********************************************************************
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Home]
[Kernel List]
[Red Hat Install]
[Linux for the blind]
[Red Hat Watch List]
[Gimp]
[Kerberos: The Definitive Guide]
