From 0e7be4859732283602732ac6a2110712221dc442 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sat, 10 Jan 1998 11:42:29 +0000 Subject: Following discussions with Cristian Gafton (Red Hat) we have decided to make PAM silent about it's actions. This reduced error logging for EVERY password validation request. Refer to password.c PAM section for further info. Fiels Affected: password.c (This used to be commit 7a1a8042dd005e26e610a16eaaa693f119b874c7) --- source3/smbd/password.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/smbd/password.c') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 1c72f0cfa6..c2b916a0af 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -442,13 +442,19 @@ static BOOL pam_auth(char *this_user,char *password) PAM_username = this_user; pam_error = pam_start("samba", this_user, &PAM_conversation, &pamh); PAM_BAIL; - pam_error = pam_authenticate(pamh, 0); +/* Setting PAM_SILENT stops generation of error messages to syslog + * to enable debugging on Red Hat Linux set: + * /etc/pam.d/samba: + * auth required /lib/security/pam_pwdb.so nullok shadow audit + * _OR_ change PAM_SILENT to 0 to force detailed reporting (logging) + */ + pam_error = pam_authenticate(pamh, PAM_SILENT); PAM_BAIL; /* It is not clear to me that account management is the right thing * to do, but it is not clear that it isn't, either. This can be * removed if no account management should be done. Alternately, * put a pam_allow.so entry in /etc/pam.conf for account handling. */ - pam_error = pam_acct_mgmt(pamh, 0); + pam_error = pam_acct_mgmt(pamh, PAM_SILENT); PAM_BAIL; pam_end(pamh, PAM_SUCCESS); /* If this point is reached, the user has been authenticated. */ -- cgit