I notice the audit log appears to log passwords in the clear when IQ logging is enabled, at least with certain clients (centericq, for example). Wouldn’'t it be wiser not to do that? Is this tweakable?
As I understand it, the audit log is a log of all of the raw XML streams that go through the server, so if the password is sent cleartext in the XML stream, its going to get logged that way.
I can’'t speak to what can be done to tweak that.
–
Jeff