MySQL Bugs: #74313: Add option to restrict logging of passwords in debug log of authentication

Bug #74313	Add option to restrict logging of passwords in debug log of authentication_pam
Submitted:	10 Oct 2014 9:46	Modified:	17 Nov 2014 8:34
Reporter:	Daniël van Eeden (OCA)	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Pluggable Authentication	Severity:	S4 (Feature request)
Version:	5.6.21	OS:	Any
Assigned to:		CPU Architecture:	Any
Tags:	authentication, PAM, plugin, Security

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
If AUTHENTICATION_PAM_LOG is set debug logging is created for the pam authentication plugin. This includes logging of passwords.

http://dev.mysql.com/doc/refman/5.6/en/pam-authentication-plugin.html#pam-authentication-p...

Please add an option to create a debug log without passwords. This enables me to copy/paste debug messages without (accidentally) revealing passwords.

How to repeat:
Enable debug log for pam auth. Then grep for passwords.

Changed to S4