check the login.defs file. # less /etc/login.defs On 10/13/07, Sunny wrote:

On 10/13/07, JB2 wrote:

...

Say I click on the 'lock' button on the taskbar (the one above the system on/off button). The screen goes black and if I hit a key on the keyboard or move the mouse, a small window pops up asking me for the user password.

How do I find out if someone has tried to 'log in'? Even if they hit a key on accident or moves the mouse on accident, does the system log this too? If it's in a log somewhere, will it be easily human readable?

Just showing the password dialog is not logged. But a login attempt with bad password is logged in /var/log/messages:

1. kdm login: Oct 13 19:04:23 compy kcheckpass[15345]: Authentication failure for sunny (invoked by uid 1000) 2. Text login (tty console): Oct 13 19:08:26 compy login[15308]: FAILED LOGIN 1 FROM /dev/tty2 FOR sunny, Authentication failure

Strangely, if you try to log in with some username which does not exists on the system: 1. kdm login (invoked with switch user on the lock dialog) - produces nothing 2. Text login: Oct 13 19:02:31 compy login[7175]: FAILED LOGIN 1 FROM /dev/tty2 FOR UNKNOWN, User not known to the underlying authentication module

This is strange, as it does not record which username was tried. And the kdm login attempt is not logged at all.

Also, all ssh login attempts are logged in the same file.

Cheers

-- Svetoslav Milenov (Sunny)

Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

-- cheers, dg <a href="http://opensuse.org"><img style="border: 0px solid ; width: 80px; height: 15px;" alt="openSUSE.org" title="openSUSE.org" src="http://files.opensuse.org/opensuse/en/6/6e/Suselinux-green.png" /></a> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On 10/14/07, darko g wrote:

sorry, typing too fast.

i meant, checn the login.defs file for where to look and how to tweak and configure failed auth logging.

On 10/13/07, darko g wrote:

...

check the login.defs file.

# less /etc/login.defs

Thanks, it was, enough. Cheers -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org