So, what should be the right settings for pam_loginuid? Is there any documentation ?

thanks a lot


On Thu, Jul 25, 2013 at 4:54 PM, Steve Grubb <sgrubb@redhat.com> wrote:
On Thursday, July 25, 2013 03:35:52 PM zhu xiuming wrote:
> The problem is, cat /proc/self/loginuid is still 4294967295 if I login.
>
> However, I do see lots of events the auid is 0.  I even see auid change
> reflect in the event.
> Like
>
> type=LOGIN msg=audit(07/20/2013 17:45:01.502:40221) : login pid=4952
> uid=root old auid=unset new auid=root

This would be a root login. Which should be forbidden since root is a shared
account amongst admins.


> So, I am really confused.

Something is wrong in your pam setup. You might check the compile flags or if
pam_loginuid is in the right section. But that is undoubtedly the problem.

-Steve