5.2. Use of syslog(3)
Only rarely should error information be directed to the user. Usually, this is to be limited to “sorry you cannot login now” type messages. Information concerning errors in the configuration file,
/etc/pam.conf, or due to some system failure encountered by the module, should be written to syslog(3) with facility-type LOG_AUTHPRIV.
With a few exceptions, the level of logging is, at the discretion of the module developer. Here is the recommended usage of different logging levels:
As a general rule, errors encountered by a module should be logged at the LOG_ERR level. However, information regarding an unrecognized argument, passed to a module from an entry in the
/etc/pam.conffile, is required to be logged at the LOG_ERR level.
Debugging information, as activated by the debug argument to the module in
/etc/pam.conf, should be logged at the LOG_DEBUG level.
If a module discovers that its personal configuration file or some system file it uses for information is corrupted or somehow unusable, it should indicate this by logging messages at level, LOG_ALERT.
Shortages of system resources, such as a failure to manipulate a file or
malloc()failures should be logged at level LOG_CRIT.
Authentication failures, associated with an incorrectly typed password should be logged at level, LOG_NOTICE.