I get a log entry, even though the user is properly authenticated - it's the same for ssh and http:
May 15 09:22:40 f5devicename alert httpd[12843]: pam_unix(httpd:account): could not identify u...
I tried to change both values for auth-priv-from and user-log-from to emerg, but it doesn't solve the problem.where is the log? is it /var/log/secure? those settings affect only local log.