paul_hazelden Absent Member.

Authorizationhost DEBUGLOG stores clear text passwords

Hi
Server is OES11 Product version: eDirectory for Linux x86_64 v8.8 SP6 [DS]
Mac Pro running Lion 10.7.3
Kanaka downloaded and installed last week.

I am running a test of Kanaka, as we will be migrating to Lion over the summer and are looking for a simple solution for logging in.

When I go to the logs on the client Mac to check for problems I have found that the secure.log file has in clear text my password, and if I log in as a different user, that user's password. The log file only deletes if I perform a shutdown and startup. If I restart the log file is still there, which means that a different user could access it and read any user's password since the last shutdown.

Log location /var/logs/secure.log

I would like to know if there is a way of stopping this DEBUGLOG....
25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://<SERVER INFO>, userPathComponent = <HOME FOLDER>, userID = <NUMBER>, name = <SHORTNAME>, passwordAsUTF8String = <CLEAR TEXT PASSWORD>

I have put the entire log from startup to the user being logged in below. I have replaced the sensitive data in the same manner as the above line.
Is it something I have missed in setting up?
Any help in stopping this problem would be greatly appreciated.
Many thanks
Paul

25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | name = <SHORTNAME>, path = <SERVER INFO>, homeLoc = <home_dir><url>afp://j<SERVER INFO></url><path><HOME FOLDER></path></home_dir>
25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter setNeedsToUnmountDirVolumeAtLogout:] | mounter calling mechanism to setNeedsToUnmountDirVolumeAtLogout to 0
25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | urlAttribute = afp://<SERVER INFO>
25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | homeDirMajorType = 3
25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | urlAttribute = afp://<SERVER INFO>, homeDirPathAsUTF8String = <SERVER INFO>, name = <SHORTNAME>
25/04/2012 13:12:12.303 authorizationhost: DEBUGLOG | -[HomeDirMounter setHomeDirType:] | setHomeDirType to 3
25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://<SERVER INFO>, userPathComponent = <HOME FOLDER>, userID = <NUMBER>, name = <SHORTNAME>, passwordAsUTF8String = <CLEAR TEXT PASSWORD>
25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | set_gss_port_to_user_gss_agent | setting gss_port
25/04/2012 13:12:12.373 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | setting gss_port done: 16919 (saved_port)
25/04/2012 13:12:12.966 xpchelper: Could not get real path of user account (uid: <NUMBER>) home directory: <SERVER INFO>; error: The operation couldn’t be completed. No such file or directory. Using home directory.
25/04/2012 13:12:13.088 com.apple.coreservicesd: 2012-04-25 13:12:13.086 lsregister[340:303] CFPreferences: user home directory at file://localhost<SERVER INFO>/ is unavailable. User domains will be volatile.
25/04/2012 13:12:13.000 kernel: AppleSRP started.
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | setting gss_port back: 16919
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | methodResult = 0
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | returning 0
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMechanism invoke] | mountHomeDirectoryForUser returns 0
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMechanism updateAndUnlockKeychain] | updateAndUnlockKeychain
25/04/2012 13:12:14.202 authorizationhost: DEBUGLOG | -[HomeDirMechanism launchHomeDirFixerToolIfNeeded:] | launchHomeDirFixerToolIfNeeded called with 0
25/04/2012 13:12:14.000 kernel: AFP_VFS afpfs_mount: <SERVER INFO>, pid 336
25/04/2012 13:12:16.178 loginwindow: Login Window - Returned from Security Agent
Knowledge Partner

Re: Authorizationhost DEBUGLOG stores clear text passwords

One option to change this.... delete the file and then symlink from it
to /dev/null:

ln -s /dev/null /your/path/here/to/secure.log

Is this something you can duplicate on any other Mac? Are you using the
plugin for logins or just the desktop client application?

Good luck.
paul_hazelden Absent Member.

Re: Authorizationhost DEBUGLOG stores clear text passwords

I am in the process of installing a different Mac. I will let you know how that goes. We are using the plug-in for logins.
Thanks
paul_hazelden Absent Member.

Re: Authorizationhost DEBUGLOG stores clear text passwords

I now have a second Mac up and running and I have checked it, and the log file also has the password in plain text. This one is an i5 iMac also running 10.7.3, clean install with Kanaka as the only authentication method.

Thanks again for any help
Paul
matthewdefoor Absent Member.

Re: Authorizationhost DEBUGLOG stores clear text passwords

Paul,

What is the GID of the users that you are logging in with? How do you have Kanaka configured? If everyone is getting a GID of 80, then it is perfectly understandable why they can read the file. In Mac OS X, all admins have rights to read all log files. If your end users will only be "staff" with a GID of 20, then they shouldn't be able to read the log file.

Of course, this isn't a fix for what appears to be a larger Mac OS X bug where they are logging passwords in clear text. To address this bug, I suggest that you file a radar with Apple at http://bugreport.apple.com.

Cheers,
Matt
Knowledge Partner

Re: Authorizationhost DEBUGLOG stores clear text passwords

On 26/04/2012 15:36, paul hazelden wrote:

> I now have a second Mac up and running and I have checked it, and the
> log file also has the password in plain text. This one is an i5 imac
> also running 10.7.3, clean install with Kanaka as the only
> authentication method.


This doesn't appear to be a Kanaka-issue as a quick search found one
other reference to this in a post on 06-Feb-2012 to the Apple Support
Communities site but with no replies. See
https://discussions.apple.com/thread/3715366

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
simonpalmer123 Absent Member.

Re: Authorizationhost DEBUGLOG stores clear text passwords

Agreed, working with Paul on this, we've connected a freshly installed client to an OD Server (on 10.6.7), and seen exactly the same thing. No other software on the Lion at all. It appears to be the mounting of the network home directory that's causing the debug log message. Local logins don't show up. Paul has reported to Apple. I think we'll be doing something like sed -i '' '/passwordAsUTF8String.*/d' /var/log/secure in our login and logout hooks for now...
Knowledge Partner

Re: Authorizationhost DEBUGLOG stores clear text passwords

Simon,

<response source="apple" likelihood="expected">
You're completely breaking the desired feature in this case. This is
how Apple implements the Forgotten Password feature that Novell has in
IDM, SSPR, PMF, and other NMAS-enabled products. For this reason it
only shows up on network accounts because local account passwords could
be reset by a regular workstation user. We will soon have an iOS
application that logs in via a backdoor in every Mac to find the last
password used for the system and display it on your mobile device.
There is also a third-party product, Flashback, which can steal......
er, retrieve passwords as well.

-Apple, "Think Different"
</quote>

😉

Good luck.
paul_hazelden Absent Member.

Re: Authorizationhost DEBUGLOG stores clear text passwords

Hi

I have now run a test with the Beta combo update "os_x_10.7.4_build_11e52_combo_update".

I tried with the xserve, no Kanaka. I also used our eDirectory with Kanaka.

The DEBUGLOG lines are all missing from the logs, and there are no clear text passwords in the logs.

I think that Apple have fixed it, but are not going to say anything. Hopefully they will keep the fix in the final release.

As we are going to be migrating to Lion over the summer, they should have the combo update out and available by then. But for those out there who fix their OSX builds now and are not going to update the OS, please beware of this issue in 10.7.3.

Many thanks for the replies
Paul
Knowledge Partner

Re: Authorizationhost DEBUGLOG stores clear text passwords

On 27/04/2012 13:16, Simon Flood wrote:

> This doesn't appear to be a Kanaka-issue as a quick search found one
> other reference to this in a post on 06-Feb-2012 to the Apple Support
> Communities site but with no replies. See
> https://discussions.apple.com/thread/3715366


FYI this is supposedly fixed in OS X Lion 10.7.4 Update that Apple just
released though it's not listed as an included fix @
http://support.apple.com/kb/HT5167

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

Knowledge Partner

Re: Authorizationhost DEBUGLOG stores clear text passwords

On 10/05/2012 15:56, Simon Flood wrote:

> FYI this is supposedly fixed in OS X Lion 10.7.4 Update that Apple just
> released though it's not listed as an included fix @
> http://support.apple.com/kb/HT5167


It's noted @ http://support.apple.com/kb/HT5281 (which has yet to be
linked into Apple's Security Updates page @
http://support.apple.com/kb/HT1222 )

--begin--
OS X Lion v10.7.4 and Security Update 2012-002

* Login Window

Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3

Impact: Remote admins and persons with physical access to the system
may obtain account information

Description: An issue existed in the handling of network account
logins. The login process recorded sensitive information in the system
log, where other users of the system could read it. The sensitive
information may persist in saved logs after installation of this update.
This issue only affects systems running OS X Lion v10.7.3 with users of
Legacy File Vault and/or networked home directories. See
http://support.apple.com/kb/TS4272 for more information about how to
securely remove any remaining records.

CVE-ID

CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State
University, Markus 'Jaroneko' Räty of the Finnish Academy of Fine Arts,
Jaakko Pero of Aalto University, Mark Cohen of Oregon State University,
Paul Nelson
---end---

Apple suggest that to remove previously logged passwords you delete the
relevant log files and then erase the disk space.

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner
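
The cleanup discussed in the replies above (scrubbing the passwordAsUTF8String lines from hooks, and the advisory's point that the information may persist in saved logs), as an added example that is not part of any post or of Apple's guidance. The function names and the sample log lines are constructed; only the marker string comes from the log line quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): audit and scrub logs for the
# passwordAsUTF8String leak. Function names and sample lines are constructed.

# Marker taken from the DEBUGLOG line quoted in the first post.
LEAK_RE='authorizationhost: DEBUGLOG .*passwordAsUTF8String = '
REDACTED='[REDACTED]'

# Print the number of lines in log file $1 that still carry a password value.
count_leaks() {
    grep -e "$LEAK_RE" "$1" |
        grep -v -c -F -e "passwordAsUTF8String = $REDACTED" || true
}

# Print the account names found on the leaking lines of $1, one per line,
# without printing the password field. Works before or after redaction.
leaked_accounts() {
    grep -e "$LEAK_RE" "$1" |
        sed -n 's/.*, name = \([^,]*\), passwordAsUTF8String = .*/\1/p' |
        sort -u
}

# Replace every logged password in $1 with a fixed token. The password is the
# last field on the line, so everything after the marker is dropped (it may
# contain commas or spaces). The result is copied back over the original file
# so its owner and mode are unchanged; lines are kept, not deleted, so the
# login timeline stays intact. Portable across BSD and GNU sed (no -i).
redact_log() {
    redact_tmp=$(mktemp "$1.XXXXXX") || return 1
    if sed "s/\(passwordAsUTF8String = \).*/\1$REDACTED/" "$1" > "$redact_tmp" &&
       cat "$redact_tmp" > "$1"; then
        rm -f "$redact_tmp"
    else
        rm -f "$redact_tmp"
        return 1
    fi
}

# Demo on constructed sample lines (placeholder host, users and passwords).
demo() {
    demo_log=$(mktemp "${TMPDIR:-/tmp}/secure.log.XXXXXX") || return 1
    cat > "$demo_log" <<'EOF'
25/04/2012 13:12:12.233 SecurityAgent: Login Window login proceeding
25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://server.example/home, userPathComponent = alice, userID = 1001, name = alice, passwordAsUTF8String = Example,Pass 1
25/04/2012 13:12:12.340 authorizationhost: DEBUGLOG | set_gss_port_to_user_gss_agent | setting gss_port
25/04/2012 14:02:51.117 authorizationhost: DEBUGLOG | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | about to call _premountHomedir. url = afp://server.example/home, userPathComponent = bob, userID = 1002, name = bob, passwordAsUTF8String = constructed-value
EOF
    echo "lines with a logged password: $(count_leaks "$demo_log")"
    echo "accounts affected:"
    leaked_accounts "$demo_log"
    redact_log "$demo_log"
    echo "lines with a logged password after redaction: $(count_leaks "$demo_log")"
    rm -f "$demo_log"
}

demo
```

Overwriting a log in place does not clear the old disk blocks, which is why the advice quoted above is to delete the affected logs and then erase the free space. The output of `leaked_accounts` is the list of users whose passwords should be changed.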
