Re: auditing

From: justin.bleistein@SUNGARD.COM
Date: Mon Oct 28 2002 - 14:09:57 EST


I'm sure there's an event for it. I haven't had to use it for quite some
time. There's a redbook out on "http://www.ibm.com/redbooks" which is
called "AIX AUDITING AND ACCOUNTING". It's a security book, and in the back
it has all of the audit events. If there isn't one for password change,
then the event for writes to the "/etc/passwd" file may be of some use.

--Justin

"Green, Simon" <SGreen@KRAFTEUROPE.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
10/28/2002 05:26 AM
Please respond to IBM AIX Discussion List

To: aix-l@Princeton.EDU
cc:
Subject: Re: auditing

Do you mean that when a user is forced to change their password there
is no audit record at all, or simply that you can't distinguish between
that and the user changing it voluntarily using passwd?

Simon Green
Senior Technical Analyst
UNIX and AS400 Services

Philip Morris ITSC-E
Tel: +44 1242 284318
Fax: +44 1242 284510

> -----Original Message-----
> From: Adam Hanel [mailto:hanela@BILLINGS.K12.MT.US]
> Sent: 25 October 2002 18:38
> To: aix-l@Princeton.EDU
> Subject: auditing
>
>
> Has anyone ever set up auditing to tell you when a user changes their
> password during the login process?
>
> For example: I don't want to know if the user executes "passwd", but I
> do want to know when the system tells them that they are required to
> change their password, and forces them to do so when they log in.
>
> I have set up a class in the config file called passw (below) and assigned
> it to a user. You can see what I am asking for, but the
> /audit/stream.out doesn't register anything when a user is prompted to
> change their password at login.
>
>
> passw=USER_SU,PASSWORD_Change,S_PASSWD_WRITE,PASSWORD_Check,PASSWORD_Flags,PASSWORD_Ckerr


