Running SunGard Banner software on RHEL 4.2 x86-32 bit Linux server Oracle Application 10.1.2.3 samba enabled. Users run processes/reports that are logged in a daily log file. In our daily job submission log files the user password shows up as clear text. The password shows up as $PSWD (sample from the logfile):
$JOB
$BANUID
$PSWD
$ONE_UP
$PROG
$PRNT
+ rcrtp11.shl
mpickrel
password
1215581
RCRTP11
default
And password shows up as value [3] here:
BASH_ARGV=([0]="LANDSCAPE" [1]="default" [2]="1215583" [3]="password" [4]="mpickrel" [5]="P" [6]="rnein11")
I noticed that the Linux smb.conf file has this value:
encrypted passwords = No
Would changing this value to True keep these passwords from showing up in the logs as clear text? Some programmers have access to these logs to assist users and troubleshoot problems. I don’t like that but right now it is the way things are. Any other way to remove or hide these passwords as the logs are created?
Thank you
Curt Swartzlander
Northwest Arkansas Community College
Bentonville, AR
cswartzlander@nwacc.edu
DBA