5.2. Use of syslog(3)

Only rarely should error information be directed to the user. Usually, this is to be limited to “sorry you cannot login now” type messages. Information concerning errors in the configuration file, /etc/pam.conf, or due to some system failure encountered by the module, should be written to syslog(3) with facility-type LOG_AUTHPRIV.

With a few exceptions, the level of logging is, at the discretion of the module developer. Here is the recommended usage of different logging levels: