MarlonNelson wrote:I activated Metalog. Recently, I've noticed my password showing up in the log.
everything/log-2008-03-08-01:00:01:Mar 7 16:51:37 [sudo] pcor : TTY=tty1 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/PCoR/cachefs/authentify_changepwd.sh XXXXXXXX
This seems like a bad idea.
Any chance this could be fixed?
Hmm. After looking at that script (and some related ones), the options appear somewhat limited.
Suppressing the log of sudo commands is one solution but appears heavy handed.
chpasswd does allow you to pass it encrypted passwords, but smbpasswd doesn't.
Side note - You may want to search other files for plain text passwords. CUPS configuration files (to print on remote servers) saves the PW in plain text. I found an evolution file w/ a plain text password as well.
A full fix may require an encrypted hard disk or file system (since the way to enable developer edition is published in the public).