In Beaker 0.13 and earlier, the server-debug logs need to be treated as containing sensitive data, as they record such data when clients use password based authentication (rather than Kerberos ticket based authorisation). This has been fixed for 0.14 (see http://gerrit.beaker-project.org/#/c/2101/) to avoid capturing the unneeded sensitive details.
Verify: server-debug.log:Jul 27 03:39:27 beaker-devel beaker-server[14185]: bkr.server.xmlrpccontroller DEBUG Time: 0:00:00.000122 auth.renew_session Version: beaker-server-0.13.2-1.git.81.54e9513.el6eng.noarch beaker-0.13.2-1.git.72.7543e3e.el6.noarch beaker-server-redhat-0.1.14-1.git.3.ff982cb.el6.noarch
Beaker 0.14.1 has been released.