Logging passwords in the news.log

Russ Allbery rra at stanford.edu
Wed Sep 15 19:55:45 UTC 2004


Forrest Aldrich <forrie at forrie.com> writes:

> I've had the news server running for a few days - suddenly today, it's
> recording authinfo in the news.log, and I didn't configure it to do
> this:

> Sep 15 11:15:31 duinn nnrpd[70752]: forrie.ne.client2.attbi.com < 
> AUTHINFO user forrie
> Sep 15 11:15:31 duinn nnrpd[70752]: forrie.ne.client2.attbi.com > 381 
> PASS required
> Sep 15 11:15:34 duinn nnrpd[70752]: forrie.ne.client2.attbi.com < 
> AUTHINFO pass myrealpassword

> How did this happen, and how can I disable this behavior.

You have tracing turned on.  You want to turn that off; it logs all
network traffic to the server for debugging.  See the documentation for
ctlinnd trace.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list