Re: What are reasonable blockers for making journald the default logger in F19?

Lennart Poettering wrote:
So, that passwords are logged to authpriv appears to be fabrication to
me. Can you point me to something reliable that people understood it
that way, that code is actually doing this, or even best, that authpriv
was actually supposed to be used for logs like that?

In the not-too-distant past, when users had to type in their login names (instead of choosing from a list), users would sometimes type their passwords instead (perhaps thinking the screensaver was locked). PAM apparently concluded the sky was falling and sent something to the logs as LOG_CRIT, and the logs would then contain "unknown user XYZ tried to log in" (where XYZ was the user's password). As a bonus, logwatch would then happily send these to me in an email [I patched pam locally to consider it LOG_NOTICE].

The switch to the current chooser has eliminated this problem for me, but there might be other contexts where a user might inadvertently type in their password where the username is desired, and if you log all attempts to log in, then they'll end up in the logs. I'd suggest that not logging unknown users by default is a much better solution than having a special log; no admin wants to see passwords (even if they're root) and unknown usernames (either typos or passwords) are rarely helpful.

--
Andrew Schultz
ajs42@xxxxxxxxxxx
http://www.sens.buffalo.edu/~ajs42/
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
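
The failure mode described in the message above (a password typed into the username field ends up in the logs and then in a mailed report) can also be contained on the reporting side. The following is an added example, not code from the original message or from PAM or logwatch: a filter that masks the user field of unknown-user login failures before lines are forwarded. The message shapes, the sample lines and the names `redact_line`, `redact` and `SAMPLE` are assumptions made for the illustration.

```python
import re

# Assumed message shapes for unknown-user failures; adjust them to what
# the PAM modules and sshd on your hosts actually emit.
# The user field is matched greedily and anchored to the end of the line,
# so a typed password containing spaces or " from " is still fully covered.
PATTERNS = [
    re.compile(r"(?P<pre>\bbad username \[)(?P<user>.*)(?P<post>\]\s*)$"),
    re.compile(r"(?P<pre>\b[Ii]nvalid user )(?P<user>.*)"
               r"(?P<post> from \S+(?: port \d+)?(?: \S+)?\s*)$"),
]
MASK = "<redacted>"


def redact_line(line, known_users):
    """Mask the user field unless it names a real account.

    known_users is a set of valid login names; on a live system it could
    be built from pwd.getpwall(). Anything else in that field is a typo
    or a password, and neither belongs in a mailed report.
    """
    for pat in PATTERNS:
        m = pat.search(line)
        if m and m.group("user") not in known_users:
            return line[:m.start()] + m.group("pre") + MASK + m.group("post")
    return line


def redact(lines, known_users):
    return [redact_line(line, known_users) for line in lines]


# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "Jan 10 09:14:02 host gdm[1201]: pam_unix(gdm:auth): bad username [Tr0ub4dor&3]",
    "Jan 10 09:15:40 host sshd[1302]: Invalid user hunter2 from home from 192.0.2.7 port 50022",
    "Jan 10 09:16:11 host sshd[1302]: Failed password for invalid user alice from 192.0.2.7 port 50022 ssh2",
    "Jan 10 09:17:00 host sshd[1310]: Failed password for bob from 192.0.2.9 port 50100 ssh2",
]

if __name__ == "__main__":
    for out in redact(SAMPLE, known_users={"alice", "bob"}):
        print(out)
```

A filter like this only protects the copies it processes; the unredacted line is still on disk wherever the logger first wrote it, which is why the message argues for not logging unknown usernames in the first place.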


