commit 947b31e9494c198cffc6b4917ecf8723a5ad4486 Author: Richard Guy Briggs <rgb(a)redhat.com&gt; Date: Fri Jun 21 08:29:00 2013 -0400 pam_tty_audit: add an option to control logging of passwords: log_passwd On Fri, Jun 21, 2013 at 04:38:16AM +0400, Dmitry V. Levin wrote: > On Tue, Jun 11, 2013 at 11:30:43AM -0400, Richard Guy Briggs wrote: > > On Mon, Jun 10, 2013 at 04:59:37PM -0400, Richard Guy Briggs wrote: > > > On Wed, Jun 05, 2013 at 02:54:09AM +0400, Dmitry V. Levin wrote: > > > > On Thu, May 23, 2013 at 10:29:59AM -0400, Richard Guy Briggs wrote: > > > > > Most commands are entered one line at a time and processed as complete lines > > > > > in non-canonical mode. Commands that interactively require a password, enter > > > > > canonical mode with echo set to off to do this. This feature (icanon and > > > > > !echo) can be used to avoid logging passwords by audit while still logging the > > > > > rest of the command. > > > > > > > > > > Adding a member to the struct audit_tty_status passed in by pam_tty_audit > > > > > allows control of logging passwords per task. > > > > > > > > Sorry for the long delay with review. Please see my comments below. > > > > > > Ditto... > > > > Please find a new patch at the end... > > The patch looks OK. If commit message contained a ChangeLog-style entry > for the change (see README-hacking file), it would be ready for commit. Here you go: