Logging passwords in the news.log
Russ Allbery
rra at stanford.edu
Wed Sep 15 19:55:45 UTC 2004
Forrest Aldrich <forrie at forrie.com> writes:
> I've had the news server running for a few days - suddenly today, it's
> recording authinfo in the news.log, and I didn't configure it to do
> this:
> Sep 15 11:15:31 duinn nnrpd[70752]: forrie.ne.client2.attbi.com <
> AUTHINFO user forrie
> Sep 15 11:15:31 duinn nnrpd[70752]: forrie.ne.client2.attbi.com > 381
> PASS required
> Sep 15 11:15:34 duinn nnrpd[70752]: forrie.ne.client2.attbi.com <
> AUTHINFO pass myrealpassword
> How did this happen, and how can I disable this behavior.
You have tracing turned on. You want to turn that off; it logs all
network traffic to the server for debugging. See the documentation for
ctlinnd trace.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list