[Bug 2245] Multiple USER_LOGIN messages when linux audit support is enabled on bad login
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Nov 5 01:19:21 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2245
--- Comment #4 from Petr Lautrbach <plautrba at redhat.com> ---
Created attachment 2502
--> https://bugzilla.mindrot.org/attachment.cgi?id=2502&action=edit
don't use (invalid user)
I also find using '(invalid user)' confusing. It's used in two cases -
an user is unknown - getpwnamallow(user) returns NULL - or service is
not set to 'ssh-connetion'.
The first case is quite common and I think an account in event should
be marked '(unknown user)' instead of invalid which could be confusing
for an auditor.
For the second case, it might be worth to split Authctxt.valid to
Authctxt.valid_user and Authctxt.valid_service to better distinguish
ehse two case.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list