146491
diff --git a/passwd.c b/passwd.c
146491
index 45acf02..27ad6fe 100644
146491
--- a/passwd.c
146491
+++ b/passwd.c
146491
@@ -63,7 +63,6 @@
146491
 #ifdef WITH_AUDIT
146491
 #include <libaudit.h>
146491
 #else
146491
-#define audit_log_user_message(d,ty,m,h,a,t,r) do { ; } while(0) 
146491
 #define audit_log_acct_message(d,ty,p,o,n,i,h,a,t,r) do { ; } while(0) 
146491
 static int audit_open(void) { errno = EPROTONOSUPPORT; return -1; } 
146491
 #endif
146491
@@ -274,13 +273,10 @@ parse_args(int argc, const char **argv,
146491
 	/* The only flag which unprivileged users get to use is -k. */
146491
 	if ((passwd_flags & ~PASSWD_KEEP) && 
146491
 	    (getuid() != 0)) {
146491
-		if (passwd_flags & PASSWD_STATUS) {
146491
+		/* Auditing is not needed for displaying status */
146491
+		if (passwd_flags != PASSWD_STATUS) {
146491
 			audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "password status display",
146491
-				NULL, getuid(), NULL, NULL, NULL, 0);
146491
-		} else {
146491
-			audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "password attribute change",
146491
+				NULL, "attempted-to-change-password-attribute",
146491
 				NULL, getuid(), NULL, NULL, NULL, 0);
146491
 		}
146491
 		fprintf(stderr, _("Only root can do that.\n"));
146491
@@ -293,8 +289,8 @@ parse_args(int argc, const char **argv,
146491
 		if (getuid() != 0) {
146491
 			/* The invoking user was not root. */
146491
 			audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "password change", extraArgs[0],
146491
-				getuid(), NULL, NULL, NULL, 0);
146491
+				NULL, "attempted-to-change-password",
146491
+				extraArgs[0], getuid(), NULL, NULL, NULL, 0);
146491
 			fprintf(stderr,
146491
 				_("%s: Only root can specify a user name.\n"),
146491
 				progname);
146491
@@ -392,7 +388,7 @@ main(int argc, const char **argv)
146491
 		fprintf(stderr, _("%s: SELinux denying access due to security policy.\n"), progname);
146491
 		
146491
 		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "change password", NULL, pwd->pw_uid,
146491
+			NULL, "attempted-to-change-password", NULL, pwd->pw_uid,
146491
 			NULL, NULL, NULL, 0);
146491
 		exit(1);
146491
 	}
146491
@@ -404,8 +400,8 @@ main(int argc, const char **argv)
146491
 		printf("%s: %s\n", progname,
146491
 		       retval ==
146491
 		       0 ? _("Success") : _("Error (password not set?)"));
146491
-		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "lock password", NULL, pwd->pw_uid,
146491
+		audit_log_acct_message(audit_fd, AUDIT_ACCT_LOCK,
146491
+			NULL, "locked-password", NULL, pwd->pw_uid,
146491
 			NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
@@ -419,8 +415,8 @@ main(int argc, const char **argv)
146491
 		       retval ==
146491
 		       -2 ? _("Unsafe operation (use -f to force)") :
146491
 		       _("Error (password not set?)"));
146491
-		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "unlock password", NULL, pwd->pw_uid,
146491
+		audit_log_acct_message(audit_fd, AUDIT_ACCT_UNLOCK,
146491
+			NULL, "unlocked-password", NULL, pwd->pw_uid,
146491
 			NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
@@ -431,8 +427,8 @@ main(int argc, const char **argv)
146491
 		printf("%s: %s\n", progname,
146491
 		       retval ==
146491
 		       0 ? _("Success") : _("Error"));
146491
-		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "expire password", NULL, pwd->pw_uid,
146491
+		audit_log_acct_message(audit_fd, AUDIT_USER_MGMT,
146491
+			NULL, "expired-password", NULL, pwd->pw_uid,
146491
 			NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
@@ -443,16 +439,14 @@ main(int argc, const char **argv)
146491
 		printf("%s: %s\n", progname,
146491
 		       (retval == 0) ? _("Success") : _("Error"));
146491
 		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "delete password", NULL, pwd->pw_uid,
146491
+			NULL, "deleted-password", NULL, pwd->pw_uid,
146491
 			NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
 	/* Display account status. */
146491
 	if (passwd_flags & PASSWD_STATUS) {
146491
+		/* Auditing is not needed for displaying status */
146491
 		retval = pwdb_display_status(username);
146491
-		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			NULL, "password status displayed for user",
146491
-			NULL, pwd->pw_uid, NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
 	/* Adjust aging parameters. */
146491
@@ -462,12 +456,12 @@ main(int argc, const char **argv)
146491
 		retval = pwdb_update_aging(username, min, max, warn, inact, -2);
146491
 		printf("%s: %s\n", progname,
146491
 		       (retval == 0) ? _("Success") : _("Error"));
146491
-		snprintf(aubuf, sizeof(aubuf), "password aging data updated "
146491
-				"- acct=%s, uid=%u, min=%li, max=%li,"
146491
-				" warn=%li, inact=%li", username, 
146491
-				pwd->pw_uid, min, max, warn, inact);
146491
-		audit_log_user_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-			aubuf, NULL, NULL, NULL, retval == 0);
146491
+		snprintf(aubuf, sizeof(aubuf), "changed-password-aging"
146491
+				" min=%li max=%li warn=%li inact=%li",
146491
+				min, max, warn, inact);
146491
+		audit_log_acct_message(audit_fd,  AUDIT_USER_MGMT,
146491
+			NULL, aubuf, NULL, pwd->pw_uid,
146491
+			NULL, NULL, NULL, retval == 0);
146491
 		return retval;
146491
 	}
146491
 
146491
@@ -548,33 +542,22 @@ main(int argc, const char **argv)
146491
 	}
146491
 #endif
146491
 
146491
-	/* Go for it. */
146491
+	/* Go for it. Note: pam will send audit event. */
146491
 	retval = pam_chauthtok(pamh,
146491
 			       (passwd_flags & PASSWD_KEEP) ?
146491
 			       PAM_CHANGE_EXPIRED_AUTHTOK : 0);
146491
 	if (retval == PAM_SUCCESS) {
146491
 		/* We're done.  Tell the invoking user that it worked. */
146491
 		retval = pam_end(pamh, PAM_SUCCESS);
146491
-		if (passwd_flags & PASSWD_KEEP) {
146491
-			audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "change expired password", NULL,
146491
-				pwd->pw_uid, NULL, NULL, NULL,
146491
-				retval == PAM_SUCCESS);
146491
+		if (passwd_flags & PASSWD_KEEP)
146491
 			printf(_("%s: expired authentication tokens updated successfully.\n"),
146491
 				progname);
146491
-		} else {
146491
-			audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "change password", NULL, pwd->pw_uid,
146491
-				NULL, NULL, NULL, retval == PAM_SUCCESS);
146491
+		else
146491
 			printf(_("%s: all authentication tokens updated successfully.\n"),
146491
 				progname);
146491
-		}
146491
 		retval = 0;
146491
 	} else {
146491
 		/* Horrors!  It failed.  Relay the bad news. */
146491
-		audit_log_acct_message(audit_fd,  AUDIT_USER_CHAUTHTOK,
146491
-				NULL, "change password", NULL, pwd->pw_uid,
146491
-				NULL, NULL, NULL, retval == PAM_SUCCESS);
146491
 		fprintf(stderr, "%s: %s\n", progname,
146491
 			pam_strerror(pamh, retval));
146491
 		pam_end(pamh, retval);