Re: password-changes visible in /var/log/messages

To: debian-edu@lists.debian.org
Subject: Re: password-changes visible in /var/log/messages
From: Moritz Molle <mmolle@gmx.net>
Date: Tue, 30 Oct 2012 13:29:05 +0100
Message-id: <[🔎] 508FC811.4000103@gmx.net>
In-reply-to: <[🔎] 20121030122120.GY16036@ulrik.uio.no>
References: <[🔎] 508FC1F6.7020202@gmx.net> <[🔎] 20121030122120.GY16036@ulrik.uio.no>

root@tjener:/var/log# dpkg -l | grep debian-edu-config

ii debian-edu-config 1.453Configuration files for Skolelinux systems


root@tjener:/var/log# apt-get install debian-edu-config
Reading package lists... Done
Building dependency tree
Reading state information... Done
debian-edu-config is already the newest version.

Can somebody tell me how to disable that password-logging?

greetings

M. Molle

On 30.10.2012 13:21, Petter Reinholdtsen wrote:

[Moritz Molle]

If I do

# grep change_password /var/log/messages

I get a list of passwords, if the users have changed their given
passwords. That must not be the case. It's a serious security issue,
and is not solved by /var/log/messages only be readable for root.

How can i turn off logging of cleartext-passwords?


Which version of debian-edu-config do you have installed?  I am aware
we found such problem a long time ago, but thought it was solved and
the fix pushed out to users.  It was fixed in version 1.454~svn77208,
according to svn.

Reply to:

References:
- password-changes visible in /var/log/messages
  - From: Moritz Molle <mmolle@gmx.net>
- Re: password-changes visible in /var/log/messages
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: password-changes visible in /var/log/messages
Next by Date: Getting the Debian Edu APT repositoriy working again
Previous by thread: Re: password-changes visible in /var/log/messages
Next by thread: Getting the Debian Edu APT repositoriy working again
Index(es):
- Date
- Thread