Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-5100

pam_faillock audit events duplicate uid

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.4
    • rhel-9.3.0
    • pam
    • pam-1.5.1-16.el9
    • None
    • Normal
    • sst_idm_sssd
    • ssg_idm
    • 11
    • 12
    • 0
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • If docs needed, set a value
    • None

      Description of problem:
      It was found that pam_faillock is making bad audit events. Seems to be this way a while. But recently found that it can mislead ausearch to associate the wrong name to uid. The fix is to change uid to suid. There is a patch here that upstream recently accepted:

      https://github.com/linux-pam/linux-pam/pull/591

      This should be applied as soon as possible, because once the event is created wrong, it's that way forever.

            ipedrosa@redhat.com Iker Pedrosa
            audit_steve Steve Grubb
            Iker Pedrosa Iker Pedrosa
            Anuj Borah Anuj Borah
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: