> Ah, ok. Kerberos and SSL certs aren't immune to that problem, though
> the secrets don't ever end up in the logs- but they still must be
> visible to the server process in order. Of course, if you already
> have access to the server process, there shouldn't be much to gain
> from the Kerberos secret, the RADIUS secret, the SSL private key, or
> the LDAP bind password..
Agreed. In our situation (government), though, we must export out
logs to enterprise logging services where auditors (that wouldn't
otherwise have access to the server/process) would be able to see it.
Despite the arguments of it being in another file...generally, having
clear-text secrets copied around to multiple places is a bad thing. I
think it should be easy to come to compromise...and we're willing to
put in the work once we do figure out the best course of action =)
Thanks!
S