Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Andrew Gaganov wrote:
> It's not true. Shadow file contains only password hashes, and cracking
> passwords is normally complex task.

No it isn't - a simple dictionary search across a password file will catch 90% of the passwords in most organisations in a couple of minutes. Kerberos fixes this by having the entire database encrypted by a master password (which is long and unguessable).

Basically if someone has root you have *far* worse problems than the security of your auth.log file.

>> cvshome cvs does exactly the same thing, btw. and always has done as far
>> as I can tell (at least as far back as 2001 from searching).
>
> Yes, but it happens on CLIENT side (not SERVER), on client computer.

It's server side only. The client is not involved in that code.

This is not new at all... it's been in every CVS as far back as I can find. It's not that it can't change (I probably will change it), but that it's really not that big a deal, given that the file it's logged to contains all sorts of sensitive information - even logging usernames has similar considerations (typing password as username.. more common than you'd expect).

Tony