Re: password-changes visible in /var/log/messages

To: debian-edu@lists.debian.org
Subject: Re: password-changes visible in /var/log/messages
From: Petter Reinholdtsen <pere@hungry.com>
Date: Tue, 30 Oct 2012 13:21:20 +0100
Message-id: <[🔎] 20121030122120.GY16036@ulrik.uio.no>
In-reply-to: <[🔎] 508FC1F6.7020202@gmx.net>
References: <[🔎] 508FC1F6.7020202@gmx.net>

[Moritz Molle]
> If I do
> 
> # grep change_password /var/log/messages
> 
> I get a list of passwords, if the users have changed their given
> passwords. That must not be the case. It's a serious security issue,
> and is not solved by /var/log/messages only be readable for root.
> 
> How can i turn off logging of cleartext-passwords?

Which version of debian-edu-config do you have installed?  I am aware
we found such problem a long time ago, but thought it was solved and
the fix pushed out to users.  It was fixed in version 1.454~svn77208,
according to svn.

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: password-changes visible in /var/log/messages
  - From: Moritz Molle <mmolle@gmx.net>

References:
- password-changes visible in /var/log/messages
  - From: Moritz Molle <mmolle@gmx.net>

Prev by Date: password-changes visible in /var/log/messages
Next by Date: Re: password-changes visible in /var/log/messages
Previous by thread: password-changes visible in /var/log/messages
Next by thread: Re: password-changes visible in /var/log/messages
Index(es):
- Date
- Thread