5.2. Use of syslog(3)
Only rarely should error information be directed to the user. Usually, this is to be limited to “sorry you cannot login now” type messages. Information concerning errors in the configuration file, /etc/pam.conf, or due to some system failure encountered by the module, should be written to syslog(3) with facility-type LOG_AUTHPRIV.
With a few exceptions, the level of logging is at the discretion of the module developer. Here is the recommended usage of different logging levels:
As a general rule, errors encountered by a module should be logged at the LOG_ERR level. However, information regarding an unrecognized argument, passed to a module from an entry in the /etc/pam.conf file, is required to be logged at the LOG_ERR level.
Debugging information, as activated by the debug argument to the module in /etc/pam.conf, should be logged at the LOG_DEBUG level.
If a module discovers that its personal configuration file or some system file it uses for information is corrupted or somehow unusable, it should indicate this by logging messages at level LOG_ALERT.
Shortages of system resources, such as a failure to manipulate a file or malloc() failures, should be logged at level LOG_CRIT.
Authentication failures associated with an incorrectly typed password should be logged at level LOG_NOTICE.
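
The recommended levels above, written out in C as an added example (not code from this guide or from Linux-PAM). The event names, the pam_example tag and the three helper functions are hypothetical; only syslog(3) and its LOG_* constants are real.

```c
#include <string.h>
#include <syslog.h>

/* Event classes; these names are hypothetical, chosen for this example. */
enum mod_event { EV_ERROR, EV_BAD_ARG, EV_DEBUG, EV_BAD_FILE, EV_RESOURCE, EV_AUTH_FAIL };

/* Map an event class to the level this section recommends. */
int mod_level(enum mod_event ev)
{
    switch (ev) {
    case EV_DEBUG:     return LOG_DEBUG;   /* only with the debug argument */
    case EV_BAD_FILE:  return LOG_ALERT;   /* corrupted or unusable file */
    case EV_RESOURCE:  return LOG_CRIT;    /* malloc() or file failure */
    case EV_AUTH_FAIL: return LOG_NOTICE;  /* incorrectly typed password */
    default:           return LOG_ERR;     /* general errors, unknown arguments */
    }
}

/* Log with facility LOG_AUTHPRIV; returns the priority used, or -1 when a debug
 * message is suppressed. Caller data is only ever passed as a %s argument. */
int mod_log(enum mod_event ev, int debug_on, const char *what, const char *detail)
{
    if (ev == EV_DEBUG && !debug_on) return -1;
    int pri = LOG_AUTHPRIV | mod_level(ev);
    syslog(pri, "pam_example: %s: %s", what, detail);
    return pri;
}

/* "debug" enables debug logging; any other argument is logged at LOG_ERR and counted. */
int mod_parse_args(int argc, const char **argv, int *debug_on)
{
    int unknown = 0;
    *debug_on = 0;
    for (int i = 0; i < argc; i++) {
        if (strcmp(argv[i], "debug") == 0)
            *debug_on = 1;
        else {
            unknown++;
            mod_log(EV_BAD_ARG, 0, "unrecognized argument", argv[i]);
        }
    }
    return unknown;
}

int main(void)
{
    const char *argv[] = { "debug", "nullokk" };  /* constructed sample arguments */
    int dbg;
    return mod_parse_args(2, argv, &dbg) == 1 ? 0 : 1;
}
```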