Red Hat Bugzilla – Bug 989271
Avoid logging sensitive details when using password based authentication
Last modified: 2013-08-08 23:23:48 EDT
In Beaker 0.13 and earlier, the server-debug logs need to be treated as containing sensitive data, as they record such data when clients use password based authentication (rather than Kerberos ticket based authorisation).
This has been fixed for 0.14 (see http://gerrit.beaker-project.org/#/c/2101/) to avoid capturing the unneeded sensitive details.
server-debug.log:Jul 27 03:39:27 beaker-devel beaker-server: bkr.server.xmlrpccontroller DEBUG Time: 0:00:00.000122 auth.renew_session
Beaker 0.14.1 has been released.