pam/pam-1.3.1-tty-audit-manfix.patch

From e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 7 Aug 2019 18:13:57 +0200
Subject: [PATCH] pam_tty_audit: Manual page clarification about password
 logging

* modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords
can be sometimes logged even when the option is not set.
---
 modules/pam_tty_audit/pam_tty_audit.8.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index 59a3406..e346c68 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -149,6 +149,13 @@
       greater than or equal to <replaceable>min_uid</replaceable> will be
       matched.
     </para>
+    <para>
+      Please note that passwords in some circumstances may be logged by TTY auditing
+      even if the <option>log_passwd</option> is not used. For example, all input to
+      an ssh session will be logged - even if there is a password being typed into
+      some software running at the remote host because only the local TTY state
+      affects the local TTY auditing.
+    </para>
   </refsect1>
 
   <refsect1 id='pam_tty_audit-examples'>
-- 
2.20.1
Multiple fixes and enhancements pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts Drop tallylog and pam_tally documentation pam_faillock: Support local_users_only option pam_lastlog: Do not display failed attempts with PAM_SILENT flag pam_lastlog: Support unlimited option to override fsize limit pam_unix: Log if user authenticated without password pam_tty_audit: Improve manual page Optimize closing fds when spawning helpers Fix duplicate password verification in pam_authtok_verify() 2019-10-16 14:35:57 +00:00			`From e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 Mon Sep 17 00:00:00 2001`
			`From: Tomas Mraz <tmraz@fedoraproject.org>`
			`Date: Wed, 7 Aug 2019 18:13:57 +0200`
			`Subject: [PATCH] pam_tty_audit: Manual page clarification about password`
			`logging`

			`* modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords`
			`can be sometimes logged even when the option is not set.`
			`---`
			`modules/pam_tty_audit/pam_tty_audit.8.xml \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml`
			`index 59a3406..e346c68 100644`
			`--- a/modules/pam_tty_audit/pam_tty_audit.8.xml`
			`+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml`
			`@@ -149,6 +149,13 @@`
			`greater than or equal to <replaceable>min_uid</replaceable> will be`
			`matched.`
			`</para>`
			`+ <para>`
			`+ Please note that passwords in some circumstances may be logged by TTY auditing`
			`+ even if the <option>log_passwd</option> is not used. For example, all input to`
			`+ an ssh session will be logged - even if there is a password being typed into`
			`+ some software running at the remote host because only the local TTY state`
			`+ affects the local TTY auditing.`
			`+ </para>`
			`</refsect1>`

			`<refsect1 id='pam_tty_audit-examples'>`
			`--`
			`2.20.1`