On 02/13/2011 11:50 PM, Patrick Matthäi wrote: > Am 13.02.2011 23:45, schrieb Steve Langasek: >> Hi folks, >> >> I have a bug report objecting to pam_unix logging all PAM sessions, >> interactive and non-interactive alike, to syslog. Should pam_unix be >> dropped from /etc/pam.d/common-session-noninteractive?
Did the user present a real use-case where this is an issue, or is this
more of an aesthetic issue to the user? All too often, I've been
confronted with the latter case.
>> It's only after pam-auth-update started being used and
>> common-session-noninteractive is split out that anyone mentioned
>> this might be a problem; before that I assumed that having pam_unix
>> log the session was the right thing to do.
>>
>> Any other arguments for/against this logging?
In general, I would rather filter the output of syslog instead of
limiting its input. I understand that this is currently not possible
here, as there is no distinction between {non-,}interactive messages.
> *We* need those logging on our machines per default and I don't think,
> that we are the only one. Non-interactive sessions should still be
> logged.
Same here.
> Personaly I would wish, that I can see in auth.log, if it is
> {non-}interactive or not, but that is not the topic of this thread.
signature.asc
Description: OpenPGP digital signature
