Chuck Swiger wrote:Look at syslogd (/etc/syslog.conf) and /var/log/security or /var/log/auth.log, I suspect that what you want to see is already being logged there.I checked out syslog.conf and did not see what to uncomment to add the passwd logging it currently logs bad logins and su but not successful changed passwds then I had a look at /var/log/security but nothing was in that file. hmm would I have to add a line to the syslog.conf file to log this type of activity?
Take a look at the end of /usr/src/usr.bin/passwd/local_passwd.c:
[ ... ]
if (!pw_mkdb(uname))
pw_error((char *)NULL, 0, 1);
#ifdef LOGGING
syslog(LOG_DEBUG, "user %s changed their local password\n", uname);
#endif
return (0);
}This message is being logged at DEBUG priority level, so I believe you should change the line in /etc/syslog.conf from "auth.info" to "auth.debug" and restart syslogd.
Or you could adjust this code to log using a higher priority (or write the info to a file directly, or whatever else you like), and build and reinstall the passwd binary with your changes.
-- -Chuck
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
