Bug #74313 Add option to restrict logging of passwords in debug log of authentication_pam
Submitted: 10 Oct 2014 9:46 Modified: 17 Nov 2014 8:34
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Pluggable Authentication Severity:S4 (Feature request)
Version:5.6.21 OS:Any
Assigned to: CPU Architecture:Any
Tags: authentication, PAM, plugin, Security

[10 Oct 2014 9:46] Daniël van Eeden
Description:
If AUTHENTICATION_PAM_LOG is set debug logging is created for the pam authentication plugin. This includes logging of passwords.

http://dev.mysql.com/doc/refman/5.6/en/pam-authentication-plugin.html#pam-authentication-p...

Please add an option to create a debug log without passwords. This enables me to copy/paste debug messages without (accidentally) revealing passwords.

How to repeat:
Enable debug log for pam auth. Then grep for passwords.
[10 Oct 2014 9:51] Daniël van Eeden
Changed to S4