Hi,
Currently what is the expected behavior of non-setuid root applications
which utilize the PAM framework? We were doing some testing with newrole
(non-setuid root) which uses PAM for authentication but fails to audit
(unless you are root) authentication records due to lack of audit
capabilities. Newrole succeeds normally without being setuid because
password checking happens via a setuid helper. Is there an idea of such a
helper for the PAM audit framework? Or should newrole be a setuid root
application?
I apologize if this has been covered previously. Also, this was using the FC4
T3 kernel and PAM.
Thanks,
-Chad
_______________________________________
Chad Hanson
Manager, Trusted Operating Systems Lab
Trusted Computer Solutions
121 W Goose Alley
Urbana, IL 61801
www.TrustedCS.com
V: 217.384.0028 ext 12
F: 217.384.0288
E: chanson(a)TrustedCS.com