pam_tty_audit: Manual page clarification about password logging

* modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords can be sometimes logged even when the option is not set.
author: Tomas Mraz <tmraz@fedoraproject.org> 2019-08-07 18:13:57 +0200
committer: Tomas Mraz <tmraz@fedoraproject.org> 2019-08-07 18:13:57 +0200
commit: e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 (patch)
tree: 7080183aa001a2384d5cf282f653ea0c7828ccdc
parent: 27d04a849fd9f9cfd4b35eb80d687817830183df (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index 59a3406d..e346c689 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -149,6 +149,13 @@
       greater than or equal to <replaceable>min_uid</replaceable> will be
       matched.
     </para>
+    <para>
+      Please note that passwords in some circumstances may be logged by TTY auditing
+      even if the <option>log_passwd</option> is not used. For example, all input to
+      an ssh session will be logged - even if there is a password being typed into
+      some software running at the remote host because only the local TTY state
+      affects the local TTY auditing.
+    </para>
   </refsect1>
 
   <refsect1 id='pam_tty_audit-examples'>
author	Tomas Mraz <tmraz@fedoraproject.org>	2019-08-07 18:13:57 +0200
committer	Tomas Mraz <tmraz@fedoraproject.org>	2019-08-07 18:13:57 +0200
commit	e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 (patch)
tree	7080183aa001a2384d5cf282f653ea0c7828ccdc
parent	27d04a849fd9f9cfd4b35eb80d687817830183df (diff)