Updated pam packages that add one enhancement are now available for Red Hat Enterprise Linux 6.
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
- During TTY auditing, it is usually not necessary or even not desirable to log passwords that are being entered by the audited operator. This update adds an enhancement to the pam_tty_audit PAM module, so that passwords entered in the TTY console are logged only in case the "log_passwd" option is used. As a result, passwords are no longer logged, unless the "log_passwd" option of pam_tty_audit is used. Note that this option is not available in kernel versions available prior to Red Hat Enterprise Linux 6.5.
Users of pam are advised to upgrade to these updated packages, which add this enhancement.