From 7a1a8042dd005e26e610a16eaaa693f119b874c7 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sat, 10 Jan 1998 11:42:29 +0000 Subject: [PATCH] Following discussions with Cristian Gafton (Red Hat) we have decided to make PAM silent about it's actions. This reduced error logging for EVERY password validation request. Refer to password.c PAM section for further info. Fiels Affected: password.c --- source/smbd/password.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source/smbd/password.c b/source/smbd/password.c index 1c72f0cfa6e..c2b916a0af8 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -442,13 +442,19 @@ static BOOL pam_auth(char *this_user,char *password) PAM_username = this_user; pam_error = pam_start("samba", this_user, &PAM_conversation, &pamh); PAM_BAIL; - pam_error = pam_authenticate(pamh, 0); +/* Setting PAM_SILENT stops generation of error messages to syslog + * to enable debugging on Red Hat Linux set: + * /etc/pam.d/samba: + * auth required /lib/security/pam_pwdb.so nullok shadow audit + * _OR_ change PAM_SILENT to 0 to force detailed reporting (logging) + */ + pam_error = pam_authenticate(pamh, PAM_SILENT); PAM_BAIL; /* It is not clear to me that account management is the right thing * to do, but it is not clear that it isn't, either. This can be * removed if no account management should be done. Alternately, * put a pam_allow.so entry in /etc/pam.conf for account handling. */ - pam_error = pam_acct_mgmt(pamh, 0); + pam_error = pam_acct_mgmt(pamh, PAM_SILENT); PAM_BAIL; pam_end(pamh, PAM_SUCCESS); /* If this point is reached, the user has been authenticated. */ -- 2.34.1