Password logging in hpsmh - os_auth.log

JesperL — Tue, 01 Mar 2011 14:41:48 GMT

Hi

"Not sure this is the right forum for this question, but i couldn't find one for hpsmh."

Does anyone know how to disable logging of password in clear-text in /var/spool/opt/hp/hpsmh/logs/os_auth.log.

I dont mind that aptempts are logged, but i'm not to happy about password in clear-text.

Thanks

# hpsmh version 6.1.0.103

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

# uname -a
Linux server.domain.com 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

Sample log output:
Environ = USRNAME=MyUsername
Environ = PASSWORD=MyPassword
Environ = ADMIN_0=root
Environ = ADMIN_1=OtherAdminGroup
Environ = OPER_0=
Environ = USER_0=

*** Find Environ ***
Pre loop find Environ |USRNAME| len = x
Post loop find Environ |USRNAME=MyUsername| len = x
*** Find Environ exit loop***
USERNAME = MyUsername

*** Find Environ ***
Pre loop find Environ |PASSWORD| len = x
Post loop find Environ |PASSWORD=MyPassword| len = x
*** Find Environ exit loop***
PASSWORD = MyPassword

*** Find Environ ***
*** Find Environ exit end***

Re: Password logging in hpsmh - os_auth.log

David Claypool — Tue, 01 Mar 2011 19:03:12 GMT

That appears to be an unfortunate oversight limited to that version where a developer's log for debugging purposes wasn't removed prior to publishing the RPM. Current version of SMH is 6.3.0-22 contained in the ProLiant Support Pack version 8.6. Upgrade to this newer version that doesn't exhibit that behavior.

topic Re: Password logging in hpsmh - os_auth.log in Operating System - Linux

Password logging in hpsmh - os_auth.log

Re: Password logging in hpsmh - os_auth.log