Feature request: do not log the password in logfile or syslog

I am testing LDAP with RT 5.0. Because of some problem, the user is not able to be created.
By default, RT logs the username password in the log (either a log file or syslog). This is not desirable.

Related log:
HTML::Mason::Request::comp(undef, undef, “next”, “12345”, “pass”, “Your password!”, “user”, “testuser”) called at /opt/rt5/sbin/…/lib/RT/Interface/Web.pm line 321
RT::Interface::Web::HandleRequest(HASH(0x7f836b460d68)) called at /opt/rt5/share/html/autohandler line 53
HTML::Mason::Commands::ANON(“next”, “12345”, “user”, “testuser”, “pass”, “Your password!”) called at /usr/share/perl5/vendor_perl/HTML/Mason/Component.pm line 135

I would suggest it would not log password to the log file by default. Then have an option to enable the logging of the password.


What level is logging set to?

  1. It happens after I perform the installation. I did not change the logging level in RT_Config.pm. So it logs to syslog directly.

  2. It also happens when I set to LogToFile with warning level.