rpms / pam

Clone
Source Code
GIT

Blame SOURCES/pam-1.3.1-tty-audit-manfix.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   pam-1.3.1-tty-audit-manfix.patch
Blob History Raw
a46dbe 
From e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 Mon Sep 17 00:00:00 2001
a46dbe 
From: Tomas Mraz <tmraz@fedoraproject.org>
a46dbe 
Date: Wed, 7 Aug 2019 18:13:57 +0200
a46dbe 
Subject: [PATCH] pam_tty_audit: Manual page clarification about password
a46dbe 
 logging
a46dbe
a46dbe 
* modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords
a46dbe 
can be sometimes logged even when the option is not set.
a46dbe 
---
a46dbe 
 modules/pam_tty_audit/pam_tty_audit.8.xml | 7 +++++++
a46dbe 
 1 file changed, 7 insertions(+)
a46dbe
a46dbe 
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
a46dbe 
index 59a3406..e346c68 100644
a46dbe 
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
a46dbe 
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
a46dbe 
@@ -149,6 +149,13 @@
a46dbe 
       greater than or equal to <replaceable>min_uid</replaceable> will be
a46dbe 
       matched.
a46dbe 
     </para>
a46dbe 
+    <para>
a46dbe 
+      Please note that passwords in some circumstances may be logged by TTY auditing
a46dbe 
+      even if the <option>log_passwd</option> is not used. For example, all input to
a46dbe 
+      an ssh session will be logged - even if there is a password being typed into
a46dbe 
+      some software running at the remote host because only the local TTY state
a46dbe 
+      affects the local TTY auditing.
a46dbe 
+    </para>
a46dbe 
   </refsect1>
a46dbe
a46dbe 
   <refsect1 id='pam_tty_audit-examples'>
a46dbe 
--
a46dbe 
2.20.1
a46dbe

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation