This optional parameter specifies the format that is to be
used to log authentication successes in Filename when LogFormatHook is not
defined. You can use any of the special characters. For more information
about special characters, see
Section 3.3. Special formatters. %0 is replaced by
the message severity level, %1 by the reason string (usually an empty
string for success), and %2 by the tracing identifier. The default is
%l:%U:%P:OK
. This logs time stamp in long format, current
User-Name, decoded password and text OK.
CAUTION
The
default SuccessFormat logs the plaintext password entered by the user.
Some organisations prefer that user passwords are not logged. In that
case, SuccessFormat that does not include the %P (decoded password)
special character is preferable.