[MDEV-10871] Add logging capability to pam_user_map.c Created: 2016-09-22 Updated: 2023-01-11 Resolved: 2018-03-22 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Plugin - pam, Plugins |
| Fix Version/s: | 10.1.32 |
| Type: | Task | Priority: | Major |
| Reporter: | Geoff Montee (Inactive) | Assignee: | Alexey Botchkov |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | pam | ||
| Issue Links: |
|
||||||||
| Sprint: | 10.1.30, 10.1.32 | ||||||||
| Description |
|
The PAM user mapping plugin doesn't currently seem to log any information to /var/log/secure. It would probably be helpful if the plugin had some way to enable verbose logging during testing, so that it would be easier to debug configuration problems. I expect the best way to implement this would be to create one or more module arguments for the plugin that controls logging. PAM module arguments are explained here: For example, maybe a configuration like this could enable very verbose debugging logging to /var/log/secure:
Or if we wanted the ability to specify a specific log, maybe we could do something like this:
But these are just suggestions. |
| Comments |
| Comment by Geoff Montee (Inactive) [ 2017-08-22 ] |
|
Do we have plans to implement this at some point? Problems with pam_user_map.so are currently very difficult to debug. |
| Comment by Alexey Botchkov [ 2018-03-18 ] |
|
Implemented the 'debug' option, that would write excessive comments to the syslog. |
| Comment by Alexey Botchkov [ 2018-03-18 ] |
|
As far as i see the PAM libraries tend to write messages to the syslog, so my proposal is to send the debug output of the pam_user_map to the syslog as well. |
| Comment by Alexey Botchkov [ 2018-03-22 ] |
|
http://lists.askmonty.org/pipermail/commits/2018-March/012126.html |