diff --git a/ChangeLog b/ChangeLog
index 0e854e2f1..7ac2bf354 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
 - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from Philipp Buehler and Kevin Steves respectively.
+ - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
+ passwords.
 20000130
 - (djm) OpenBSD CVS Sync:
diff --git a/auth2-pam.c b/auth2-pam.c
index c54ad31a2..d7a5ff7a4 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.7 2001/01/30 23:50:49 djm Exp $");
 #ifdef USE_PAM
 #include
@@ -152,7 +152,6 @@ input_userauth_info_response_pam(int type, int plen, void *ctxt)
 for (i = 0; i < nresp; i++) {
 int j = context_pam2.prompts[i];
 resp = packet_get_string(&rlen);
- debug("response ssh-%d(pam-%d) = \"%s\"", i, j, resp);
 context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
 context_pam2.responses[j].resp = xstrdup(resp);
 xfree(resp);
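Review bot: In the `@@ -152,7 +152,6 @@` hunk of auth2-pam.c the keyboard-interactive response is still released with a plain `xfree(resp);` right after `xstrdup(resp)`, so the text this commit stops logging (the ChangeLog entry says it may contain passwords) remains readable in freed heap memory. Unless xfree clears the buffer itself, which is not visible here, I would scrub the temporary copy first with `memset(resp, 0, rlen);` before `xfree(resp);`, using the length already returned by `packet_get_string(&rlen)`. A plain memset immediately before a free can be optimized away, so confirm it survives in the generated code or route it through a helper the compiler cannot elide. The enclosing function input_userauth_info_response_pam starts and ends outside the hunk, so how the `xstrdup` copy stored in `context_pam2.responses[j].resp` is later released cannot be judged from here.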