13 May
2008
13 May
'08
8:28 a.m.
A.L.M.Buxey@lboro.ac.uk wrote
which is logical...but i think the wording and desciption of the behaviour is wrong in the config file then...i always thought that the goodpass and badpass would actually log the passwords themselves(!) - oh...but wait, it does!!!
Maybe I just got confused.
oh. thats not good. no, we need to have a safer logging....of just like it used to be - auth logging without the password printing. just print the username/stripped-user (config option) dont print the password if its good or bad.
OK... I'll revert that change. My mistake. Alan DeKok.