What are reasonable blockers for making journald the default logger in F19?
ajschult at verizon.net
Wed Oct 17 19:07:19 UTC 2012
Lennart Poettering wrote:
> So, that passwords are logged to authpriv appears to be fabrication to
> me. Can you point me to something reliable that people understood it
> that way, that code is actually doing this, or even best, that authpriv
> was actually supposed to be used for logs like that?
In the not-too-distant past when users had to type in their login names
(instead of choosing from a list), users would sometimes type their
passwords instead (perhaps thinking the screensaver was locked). PAM
apparently concluded the sky was falling and sent something to the logs
as LOG_CRIT, and the logs would then contain "unknown user XYZ tried to
log in" (where XYZ was the user's password). As a bonus, logwatch would
then happily send these to me in an email [I patched pam locally to
consider it LOG_NOTICE].
The switch to the current chooser has eliminated this problem for me,
but there might be other contexts where a user might inadvertently type
in their password where the username is desired and if you log all
attempts to login, then they'll end up in the logs. I'd suggest that
not logging unknown users by default is a much better solution than
having a special log; no admin wants to see passwords (even if they're
root) and unknown usernames (either typos or passwords) are rarely helpful.
ajs42 at buffalo.edu
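One way to contain the failure mode described in the post above (a rejected "username" that is really a password being written to the log and then mailed out by a log digest): redact the name before the line is forwarded, keeping only a keyed hash so repeated attempts can still be correlated. This is an added example, not code from the original post, from PAM or from logwatch; the syslog layout of the sample lines, the key, and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample log lines for this example. The message text mimics the
# "unknown user XYZ tried to log in" wording from the mail; the surrounding
# syslog layout is an assumption, not real pam_unix output.
SAMPLE_LOG = [
    "Oct 17 19:07:19 host sshd[1234]: unknown user hunter2 tried to log in",
    "Oct 17 19:07:25 host sshd[1234]: unknown user hunter2 tried to log in",
    "Oct 17 19:08:01 host sshd[1240]: unknown user bob tried to log in",
    "Oct 17 19:08:05 host sshd[1240]: session opened for user bob",
]

# Matches the rejected name and keeps the text before and after it.
UNKNOWN_USER_RE = re.compile(r"(?P<pre>\bunknown user )(?P<name>\S+)(?P<post>.*)$")


def correlation_token(name: str, key: bytes) -> str:
    """Keyed hash of the rejected name, truncated to 8 hex characters.

    A keyed hash (HMAC) rather than a plain hash: without the key, a reader of
    the redacted log cannot brute-force the token back to a password.
    """
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:8]


def redact_line(line: str, key: bytes) -> Tuple[str, bool]:
    """Return (possibly redacted line, True if a rejected name was removed)."""
    m = UNKNOWN_USER_RE.search(line)
    if not m:
        return line, False
    token = correlation_token(m.group("name"), key)
    redacted = (
        line[: m.start()]
        + m.group("pre")
        + "<redacted:" + token + ">"
        + m.group("post")
    )
    return redacted, True


def redact_log(lines: List[str], key: bytes) -> Tuple[List[str], Counter]:
    """Redact every unknown-user line; count how often each token recurs.

    The counts let an admin notice one string being retried many times
    (a stuck script, or a user repeatedly typing a password into the
    login field) without ever seeing the string itself.
    """
    out = []
    counts: Counter = Counter()
    for line in lines:
        new_line, hit = redact_line(line, key)
        out.append(new_line)
        if hit:
            counts[UNKNOWN_USER_RE.search(new_line).group("name")] += 1
    return out, counts


if __name__ == "__main__":
    # Hypothetical key; in practice read it from a root-only file.
    demo_key = b"example-redaction-key"
    redacted, counts = redact_log(SAMPLE_LOG, demo_key)
    for line in redacted:
        print(line)
    print("tokens seen:", dict(counts))
```

The filter is meant to sit between the raw log and anything that ships it elsewhere (a digest mailer, a remote collector); the raw file itself should still be root-only, since the redaction only protects the copies.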