Security/PamUsb/Troubleshooting

De TartareFR
Version datée du 13 décembre 2012 à 14:11 par Didier (discussion | contributions) (Page créée avec « = Troubleshooting = Don't panic! == Log Analysis == Both pam_usb.so and pamusb-agent use the syslog facility to log authentication attempts. This can be useful for GUI-dri... »)
(diff) ← Version précédente | Voir la version actuelle (diff) | Version suivante → (diff)
Aller à la navigation Aller à la recherche

Troubleshooting

Don't panic!

Log Analysis

Both pam_usb.so and pamusb-agent use the syslog facility to log authentication attempts. This can be useful for GUI-driven applications (for instance GDM) where you don't get to see console output. Messages are logged with the AUTH facility, they are usually written to <path>/var/log/auth.log</path> but may vary depending on the operating system you're using. 

# tail -f /var/log/auth.log
pamusb-agent[25429]: Device "sandisk" has been inserted. Performing
verification...
pamusb-agent[25429]: Executing "/usr/bin/pamusb-check --quiet
--config=/etc/pamusb.conf --service=pamusb-agent scox"
pam_usb[25485]: Authentication request for user "scox" (pamusb-agent)
pam_usb[25485]: Device "sandisk" is connected (good).
pam_usb[25485]: Access granted.
pamusb-agent[25429]: Authentication succeeded. Unlocking user "scox"...
pamusb-agent[25429]: Unlocked.

Enabling debug

Enabling debug messages may help you find out what's wrong.

To enable them, edit <path>/etc/pamusb.conf</path> and set the following option: 

<defaults>
  <option name="debug">true</option>
</defaults>

You can enable debug messages only for a specific user, device or service. 

<services>
  <service id="sudo">
 <option name="debug">true</option>
  </service>
</services>
Récupérée de « https://wikiold.home.tartarefr.eu/index.php?title=Security/PamUsb/Troubleshooting&oldid=1018 »