
Make homed send audit events directly #31447

Open
AdrianVovk opened this issue Feb 22, 2024 · 1 comment
Labels
homed homed, homectl, pam_homed RFE 🎁 Request for Enhancement, i.e. a feature request

Comments

@AdrianVovk
Contributor

Component

systemd-homed

Is your feature request related to a problem? Please describe

If systemd-homed is used directly (i.e. not through PAM) to change security-sensitive settings about the user (most notably the user's authentication methods, but this can also apply to things like account lock status, password expiration, etc) or authenticate the user, no logging is done to the audit log.

Most important is sending audit events about password changes, because soon GNOME Settings will support changing homed passwords by talking to homed directly.

Describe the solution you'd like

To maintain compatibility with existing audit infrastructure, homed should send its own audit events to ensure that security-sensitive events still appear in the audit log.

Describe alternatives you've considered

Using PAM, but the API is limited and it defeats the purpose of auditing if an attacker can bypass it by talking to homed directly.

The systemd version you checked that didn't have the feature you are asking for

v256 (git)

@AdrianVovk AdrianVovk added the RFE 🎁 Request for Enhancement, i.e. a feature request label Feb 22, 2024
@github-actions github-actions bot added the homed homed, homectl, pam_homed label Feb 22, 2024
@poettering
Member

I mean, audit events are fine if people care, but outside of some very conservative corporate deployments they really don't matter. Hence, I'd really not bother, and let the Redhats of this world eventually send a patch if they care and it becomes relevant; no one else needs this stuff.

Note that for sysusers.d/ we don't generate audit events either, and so far not even RH cared much.
