How to get rid of pam_unix authentication failure message when using pam_ldap


by Eric26

Hi there,

I'm using pam_ldap on CentOS 5, everything works fine, but each time a user logs in, I get a pam_unix error in my logs like below:

authdaemond: pam_unix(pop3:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=login

I understand that the system is trying to authenticate via pam_unix and fails because it is an LDAP user, then the logon is successful with pam_ldap, but my logs are full of this kind of message, and I want to get rid of it to distinguish brute force attacks more easily...

Here is my /etc/pam.d/system-auth:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

I think I should play with the quiet thing but it doesn't seem to do what I want.

Eric
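
The stack evaluation described in the post, as an added example that is not part of the original message: a simplified Python model of how the five auth lines above are walked for the required, requisite and sufficient control flags. Module outcomes are supplied by hand as assumptions (pam_succeed_if is assumed to pass, i.e. uid >= 500), and no real PAM calls are made.

```python
# Added illustration: simplified model of how libpam walks an auth stack.
# Module outcomes are supplied by hand (assumption); no real PAM calls are made.

# The auth lines from the post's /etc/pam.d/system-auth, in order.
SYSTEM_AUTH = [
    ("required", "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite", "pam_succeed_if"),
    ("sufficient", "pam_ldap"),
    ("required", "pam_deny"),
]

def run_auth_stack(stack, results):
    """Return (authenticated, trace); trace lists every module invoked."""
    trace, required_failed = [], False
    for control, module in stack:
        ok = results[module]
        trace.append((module, "success" if ok else "failure"))
        if control == "required" and not ok:
            required_failed = True          # remembered, stack continues
        elif control == "requisite" and not ok:
            return False, trace             # fail immediately
        elif control == "sufficient" and ok and not required_failed:
            return True, trace              # succeed immediately
        # a failing "sufficient" module is ignored and the stack continues
    return not required_failed, trace

def pam_unix_failed(trace):
    """True when pam_unix ran and failed, the event logged in the post."""
    return ("pam_unix", "failure") in trace

def outcome(unix_ok, ldap_ok):
    """Constructed module results; pam_succeed_if assumed to pass (uid >= 500)."""
    return {"pam_env": True, "pam_unix": unix_ok, "pam_succeed_if": True,
            "pam_ldap": ldap_ok, "pam_deny": False}

# Constructed scenarios, not captured from a real system.
SCENARIOS = {
    "local user, good password": outcome(True, False),
    "LDAP user, good password": outcome(False, True),
    "LDAP user, bad password": outcome(False, False),
}

if __name__ == "__main__":
    for name, results in SCENARIOS.items():
        ok, trace = run_auth_stack(SYSTEM_AUTH, results)
        print(f"{name}: auth={'ok' if ok else 'denied'} "
              f"pam_unix failure logged={pam_unix_failed(trace)}")
```

In this model pam_unix fails for an LDAP user whether the password is right or wrong, so the pam_unix line on its own does not separate the two cases.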