Michael Heiming <michael+USENET@www.heiming.de> wrote in message news:<5ku502-3lp.ln1@news.heiming.de>...
> In comp.os.linux.security Bob Holding <etchttpd@yahoo.com> suggested:
> > There have been a few posts about this, but no answer...
>
> > Fedora Core 1 will send a bad password change to syslog, but not a
> > vanilla password change... Any suggestions on how I can log regular
> > password changes?
>
> > My first thought was to modify the source to passwd. So, I grabbed
> [..]
>
> No need, take a look at:
> /usr/share/doc/pam-*/txts/README.pam_pwdb
>
> And modify your pam configuration accordingly until it does what
> you want.
>
> Good luck
> ...
Cool. Thanks for the tip! After doing a little more research I found
http://www.kernel.org/pub/linux/libs...-6.html#ss6.19
and
http://www.linux.cu/documentos/RedHa...admin-auth.htm
The latter had this example for /etc/pam.d/passwd:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session required /lib/security/pam_pwdb.so
So, if anyone else wants to log password changes, modify
/etc/pam.d/passwd (your PAM configuration file(s) may vary...) and
you're good to go... The above PAM passwd config works for me.
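
Added example, not part of the original post: a small Python check for a file in /etc/pam.d that reports lines which do not parse as a PAM rule, such as a module option wrapped onto its own line without a trailing backslash. The function name parse_pam and the sample text are constructed for illustration.

```python
import re

TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
RULE = re.compile(r"^-?(\S+)\s+(\[[^\]]*\]|\S+)\s*(.*)$")

# Constructed sample: the stack from the post, with use_authtok wrapped
# onto its own line and no trailing backslash to continue the rule.
WRAPPED = """#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok
use_authtok
session required /lib/security/pam_pwdb.so
"""

def parse_pam(text):
    """Parse the text of one /etc/pam.d file into (entries, problems)."""
    entries, problems, pending, first = [], [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        first = first or n                 # line where this rule starts
        if raw.endswith("\\"):             # backslash-newline continues a rule
            pending += raw[:-1] + " "
            continue
        line, lineno = (pending + raw).split("#", 1)[0].strip(), first
        pending, first = "", 0
        if not line:
            continue                       # blank line or comment
        m = RULE.match(line)
        if not m or m.group(1) not in TYPES:
            problems.append((lineno, "not a rule (wrapped line?): " + line))
            continue
        mtype, control, rest = m.groups()
        if control not in CONTROLS and not control.startswith("["):
            problems.append((lineno, "unknown control: " + control))
        elif not rest:
            problems.append((lineno, "missing module path: " + line))
        else:
            module, *args = rest.split()
            entries.append((lineno, mtype, control, module, args))
    return entries, problems

if __name__ == "__main__":
    for lineno, msg in parse_pam(WRAPPED)[1]:
        print("line %d: %s" % (lineno, msg))
```

In the wrapped sample the pam_pwdb password rule still parses, but without use_authtok in its arguments, so checking the reported problems before deploying the file catches the lost option.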