- (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain

passwords.
2001-01-31 10:50:49 +11:00 · 2001-01-31 10:50:49 +11:00 · bf75776d41
parent 709528ab6a
commit bf75776d41
2 changed files with 3 additions and 2 deletions
--- a/2
+++ b/2
@ -6,6 +6,8 @@
 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
   Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
   respectively.
+ - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
+   passwords.

 20000130
 - (djm) OpenBSD CVS Sync:
--- a/auth2-pam.c
+++ b/auth2-pam.c
@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.7 2001/01/30 23:50:49 djm Exp $");

 #ifdef USE_PAM
 #include <security/pam_appl.h>
@ -152,7 +152,6 @@ input_userauth_info_response_pam(int type, int plen, void *ctxt)
 	for (i = 0; i < nresp; i++) {
 		int j = context_pam2.prompts[i];
 		resp = packet_get_string(&rlen);
-		debug("response ssh-%d(pam-%d) = \"%s\"", i, j, resp);
 		context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
 		context_pam2.responses[j].resp = xstrdup(resp);
 		xfree(resp);