What are reasonable blockers for making journald the default logger in F19?

Andrew Schultz ajschult at verizon.net
Wed Oct 17 19:07:19 UTC 2012


Lennart Poettering wrote:
> So, that passwords are logged to authpriv appears to be fabrication to
> me. Can you point me to something reliable that people understood it
> that way, that code is actually doing this, or even best, that authpriv
> was actually supposed to be used for logs like that?

In the not-too-distant past when users had to type in their login names 
(instead of choosing from a list), users would sometimes type their 
passwords instead (perhaps thinking the screensaver was locked).  PAM 
apparently concluded the sky was falling and sent something to the logs 
as LOG_CRIT, and the logs would then contain "unknown user XYZ tried to 
log in" (where XYZ was the user's password).  As a bonus, logwatch would 
then happily send these to me in an email [I patched pam locally to 
consider it LOG_NOTICE].

The switch to the current chooser has eliminated this problem for me, 
but there might be other contexts where a user might inadvertently type 
in their password where the username is desired, and if you log all 
attempts to log in, then they'll end up in the logs.  I'd suggest that 
not logging unknown users by default is a much better solution than 
having a special log; no admin wants to see passwords (even if they're 
root), and unknown usernames (either typos or passwords) are rarely helpful.

-- 
Andrew Schultz
ajs42 at buffalo.edu
http://www.sens.buffalo.edu/~ajs42/
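The two mitigations the post points at, recording a failed login without echoing an unrecognized username, and scrubbing such names out of log lines before a logwatch-style report mails them around, written out as an added Python example. This is not code from the post, from PAM, or from any Fedora component; the account set, the log lines and the exact message wording are constructed for the example, and the syslog priorities follow the LOG_NOTICE suggestion in the message above.

```python
"""Defender-side helpers for the failure mode described in the post:

1. failed_login_record: build a syslog record for a failed login that never
   echoes an unknown username (it may be a password typed into the wrong box).
2. redact_unknown_users: scrub the name out of existing "unknown user XYZ"
   lines before they are forwarded, e.g. by a nightly log report.
"""
import re
import syslog

# Constructed account list standing in for the system's user database.
KNOWN_USERS = {"alice", "bob", "root"}

# Matches the message shape the post describes ("unknown user XYZ tried to log in").
UNKNOWN_USER_RE = re.compile(r"\bunknown user \S+")


def failed_login_record(submitted_name, known_users=KNOWN_USERS):
    """Return (syslog priority, message) for a failed login attempt.

    A name that matches a real account is safe to log. An unknown one is
    withheld entirely, since it may be a password; the event itself is still
    recorded so repeated attempts remain countable. Both use LOG_NOTICE rather
    than LOG_CRIT, as the post suggests.
    """
    if submitted_name in known_users:
        return syslog.LOG_NOTICE, f"authentication failure for user {submitted_name}"
    return syslog.LOG_NOTICE, "authentication failure for unknown user (name withheld)"


def redact_unknown_users(lines):
    """Replace the username in 'unknown user XYZ' log lines with a placeholder."""
    return [UNKNOWN_USER_RE.sub("unknown user [redacted]", line) for line in lines]


# Constructed sample log lines; "hunter2" stands in for a password typed as a login name.
SAMPLE_LOG = [
    "Oct 17 19:07:19 host gdm: unknown user hunter2 tried to log in",
    "Oct 17 19:07:25 host gdm: authentication failure for user alice",
]

if __name__ == "__main__":
    prio, msg = failed_login_record("hunter2")
    syslog.syslog(prio, msg)  # sent to the local syslog at LOG_NOTICE
    for line in redact_unknown_users(SAMPLE_LOG):
        print(line)
```

Running the module scrubs the first sample line to "unknown user [redacted] tried to log in" and leaves the second untouched; the withheld-name record still lets an admin count failed attempts without ever storing what was typed.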