Subject: Re: logging bad login attempts
To: John F. Woods <jfw@jfwhome.funhouse.com>
From: Luke Mewburn <lm@melb.cpr.itg.telecom.com.au>
List: current-users
Date: 03/08/1995 10:58:08
> > > It does not appear to be possible to log failed login attempts
> > > with the supplied login.  (ie the attempted login, etc.)
> > # The authpriv log file should be restricted access;
> > # these messages shouldn't go to terminals or publically-readable files.
> > authpriv.*                                      /var/log/secure
> > then it'll do what you want.

> Make absolutely sure, though, that it's really what you want:  logging
> actual supplied logins is often a great way to offer cleartext passwords
> to an adversary...

Which is why you have
	authpriv.*			/var/log/secure
	...,authpriv.none,...		/var/log/messages

So none of the authpriv messages (those that actually display the
failed login) go to /var/log/messages, but they do go to
/var/log/secure (which you have with 600 perms.)

-- 
Luke Mewburn, <lm@cpr.itg.telecom.com.au>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle
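
[Added example, not part of the original message or of any syslogd distribution: a small audit of a syslog.conf for the arrangement described above, flagging any rule that still receives authpriv messages and writes them to a user, terminal, or a file that is not mode 600. The function names and the sample configuration are constructed for illustration, and only plain facility.level selectors are handled.]

```python
import os, stat, tempfile

def receives_authpriv(selector):
    """True if the selector field matches authpriv; later items override earlier."""
    hit = False
    for item in selector.split(";"):
        facilities, _, level = item.strip().rpartition(".")
        names = [f.strip() for f in facilities.split(",")]
        if "authpriv" in names or "*" in names:
            hit = level != "none"
    return hit

def audit(conf_text):
    """Return (line_no, problem) for every rule that exposes authpriv messages."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#!+":  # comments, BSD program/host blocks
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or not receives_authpriv(parts[0]):
            continue
        target = parts[1].strip()
        if not target.startswith("/"):
            findings.append((no, "authpriv goes to user/host/pipe " + target))
            continue
        try:
            st = os.stat(target)
        except OSError:
            findings.append((no, "cannot stat " + target))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((no, target + " is a terminal or device"))
        elif st.st_mode & 0o077:
            findings.append((no, "%s is mode %03o, want 600" % (target, stat.S_IMODE(st.st_mode))))
    return findings

def demo():
    """Constructed sample: one correct pair of rules and two leaky ones."""
    d = tempfile.mkdtemp()
    secure, messages = os.path.join(d, "secure"), os.path.join(d, "messages")
    for path, mode in ((secure, 0o600), (messages, 0o644)):
        open(path, "w").close()
        os.chmod(path, mode)
    conf = "authpriv.*\t{s}\n*.notice;authpriv.none\t{m}\n*.info\t{m}\n*.emerg\t*\n"
    return audit(conf.format(s=secure, m=messages))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```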