[Moritz Molle] > If I do > > # grep change_password /var/log/messages > > I get a list of passwords, if the users have changed their given > passwords. That must not be the case. It's a serious security issue, > and is not solved by /var/log/messages only be readable for root. > > How can i turn off logging of cleartext-passwords?
Which version of debian-edu-config do you have installed? I am aware we found such problem a long time ago, but thought it was solved and the fix pushed out to users. It was fixed in version 1.454~svn77208, according to svn. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
