RHEL / RHEL-5100

pam_faillock audit events duplicate uid

    • Bug
    • Resolution: Done-Errata
    • Major
    • rhel-9.4
    • rhel-9.3.0
    • pam
    • pam-1.5.1-16.el9
    • Moderate
    • rhel-sst-idm-sssd
    • ssg_idm

      Description of problem:
      It was found that pam_faillock is making bad audit events. It seems to have been this way for a while. But it was recently found that it can mislead ausearch into associating the wrong name with the uid. The fix is to change uid to suid. There is a patch here that upstream recently accepted:

      https://github.com/linux-pam/linux-pam/pull/591

      This should be applied as soon as possible, because once the event is created wrong, it's that way forever.

              ipedrosa@redhat.com Iker Pedrosa
              audit_steve Steve Grubb
              Iker Pedrosa
              Anuj Borah