Re: password-changes visible in /var/log/messages
[Moritz Molle]
> If I do
>
> # grep change_password /var/log/messages
>
> I get a list of passwords, if the users have changed their given
> passwords. That must not be the case. It's a serious security issue,
> and is not solved by /var/log/messages only be readable for root.
>
> How can i turn off logging of cleartext-passwords?
Which version of debian-edu-config do you have installed? I am aware
we found such problem a long time ago, but thought it was solved and
the fix pushed out to users. It was fixed in version 1.454~svn77208,
according to svn.
--
Happy hacking
Petter Reinholdtsen
Reply to: