On Thu, Aug 28, 2008 at 08:37:07PM +0200, ,,, wrote: > Excuse me, but this is very simple thing, this is not big philosophical > problem. > The software has ability to log login+password for troubleshooting, which > is great (users ALWAYS claim that they are writting their password > correctly, so this is nice to have). Since it's not enabled by default, you > have to be very concious to enable this behaviour, I don't see a problem. > The problem is - the option is described as: > ' # In case of password mismatches, log the passwords and used scheme so the > # problem can be debugged. Requires auth_debug=yes to be set.' > which is untre, since it logs ALL passwords, and this needs to get fixed, > or at least description needs to be changed to something more truish. > That's it.
I don't know what you're talking about, but it's not this bug. This bug is about the fact that unknown *usernames* are logged to /var/log/auth.log, by default. And it's been marked *confirmed*, by me, the maintainer. So could people please stop kibbitzing the *severity* here, given that I've already acknowledged that I consider it a bug? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
