[Bug 2245] Multiple USER_LOGIN messages when linux audit support is enabled on bad login

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Nov 5 01:19:21 EST 2014


--- Comment #4 from Petr Lautrbach <plautrba at redhat.com> ---
Created attachment 2502
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2502&action=edit
don't use (invalid user)

I also find using '(invalid user)' confusing. It's used in two cases -
an user is unknown - getpwnamallow(user) returns NULL - or service is
not set to 'ssh-connetion'.

The first case is quite common and I think an account in event should
be marked '(unknown user)' instead of invalid which could be confusing
for an auditor.

For the second case, it might be worth to split Authctxt.valid to
Authctxt.valid_user and  Authctxt.valid_service to better distinguish
ehse two case.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list