Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using PAM to log password changes?
Top Forums UNIX for Dummies Questions & Answers Using PAM to log password changes? Post 302415113 by declannalced on Wednesday 21st of April 2010 08:38:30 PM
Old 04-21-2010
Using PAM to log password changes?
Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too.

So everything is fine, but I want solid proof in case this happens again. I know I can see when people have been logged in with the command 'last', but I would need to correlate that to the actual password change time. So I'd like to have the system log whenever someone (eg, her) sudo's to change another user's (eg, mine) password.

I was told I can do this with PAM, but I looked at the documentation and it seemed to be mostly more about authentication and stuff, and I couldn't figure out how to log it. Can anyone help me?

Thanks!

PS: also, I'm aware that there's nothing I can do to prevent this happening again as long as she has root access. But I want proof in case it happens again. And I'm not trying to do anything to her, I'm just trying to protect myself and log password changes to MY account.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

password not prompt when doing a remote log in

hi when i do a remote log in to server A from other servers using root account, i am able to log in to server A without keying in any password. right now i would like to find out which files am i suppose to set in order to prompt user for password everytime they do a log in from other server.... (1 Reply)
Discussion started by: legato
1 Replies

2. Solaris

PAM, Solaris, Openssh and Forcing a password change

Here's the issue. Currently when I run passwd -f "username" on any account, when I try to login with said account I don't get prompted to change my password I just keep getting prompted to input a password. (Of course this works just fine with telnet)Is there something i need to add to... (7 Replies)
Discussion started by: woodson2
7 Replies

3. Solaris

Pam Module sending a cannot get password enry after certain period in /var/adm/messag

Pam Module sending a cannot get password enry after certain period in /var/adm/message. pam_login_limit(auth): Cannot get Password entry for user 'dbsnmp' What is dbsnmp? Also if account is locked does pam module checks for this locked account at regular interval and keeps on posting... (2 Replies)
Discussion started by: student2009
2 Replies

4. Solaris

Is there a log for password change?

hi, i am try to find the log if some one change the password for any account. plz help me to find this log. thanks. ---------- Post updated 05-04-10 at 12:50 AM ---------- Previous update was 05-03-10 at 01:43 AM ---------- what i am looking for is the log message from the system for... (8 Replies)
Discussion started by: mahm_14
8 Replies

5. Solaris

Can't SSH log in without password.

I am working on Solaris 10 Sparc. While ssh trust relation building for SUN-CLUSTER on server, I am facing issue. I can log in from server2 to serer1 direactly but when i log in to server1 from server2 it prompts password. root@app1 # ssh app2 Last login: Wed Jul 27 14:08:14 2011... (0 Replies)
Discussion started by: anand87
0 Replies

6. Solaris

Solaris and PAM Password policy

Hello All, I have Sun DSEE7 (11g) on Solaris 10. I have run idsconfig and initialized ldap client with profile created using idsconfig. My ldap authentication works. Here is my pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login ... (3 Replies)
Discussion started by: pandu345
3 Replies

7. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

8. Solaris

Can't Log into Solaris 10 u10 due to Pam and DH errors

Dears,, i hope everything is going fine with you,, Yesterday i was trying to log into My Solaris 10 u10 x86 Via SSH , But it showing me many error message and refusing to login even with with the root account and below you can find the error message: # ssh -v root@192.168.10.1... (6 Replies)
Discussion started by: ieee99
6 Replies

9. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT PHP

shadow

SHADOW(5)						   File Formats and Conversions 						 SHADOW(5)

NAME

       shadow - shadowed password file

DESCRIPTION

       shadow is a file which contains the password information for the system's accounts and optional aging information.

       This file must not be readable by regular users if password security is to be maintained.

       Each line of this file contains 9 fields, separated by colons (":"), in the following order:

       login name
	   It must be a valid account name, which exist on the system.

       encrypted password
	   Refer to crypt(3) for details on how this string is interpreted.

	   If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to
	   use a unix password to log in (but the user may log in the system by other means).

	   This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some
	   applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty.

	   A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line
	   represent the password field before the password was locked.

       date of last password change
	   The date of the last password change, expressed as the number of days since Jan 1, 1970.

	   The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system.

	   An empty field means that password aging features are disabled.

       minimum password age
	   The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.

	   An empty field and value 0 mean that there are no minimum password age.

       maximum password age
	   The maximum password age is the number of days after which the user will have to change her password.

	   After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time
	   she will log in.

	   An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below).

	   If the maximum password age is lower than the minimum password age, the user cannot change her password.

       password warning period
	   The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.

	   An empty field and value 0 mean that there are no password warning period.

       password inactivity period
	   The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted
	   (and the user should update her password during the next login).

	   After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The
	   user should contact her administrator.

	   An empty field means that there are no enforcement of an inactivity period.

       account expiration date
	   The date of expiration of the account, expressed as the number of days since Jan 1, 1970.

	   Note that an account expiration differs from a password expiration. In case of an account expiration, the user shall not be allowed to
	   login. In case of a password expiration, the user is not allowed to login using her password.

	   An empty field means that the account will never expire.

	   The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970.

       reserved field
	   This field is reserved for future use.

FILES

       /etc/passwd
	   User account information.

       /etc/shadow
	   Secure user account information.

       /etc/shadow-
	   Backup file for /etc/shadow.

	   Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools.

SEE ALSO

       chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8), su(1), sulogin(8).

shadow-utils 4.5						    01/25/2018								 SHADOW(5)
All times are GMT -4. The time now is 09:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy