detail logs User-Password
Chris Parker
cparker at starnetusa.net
Tue Apr 4 19:41:39 CEST 2006
On Apr 4, 2006, at 12:29 PM, Peter Nixon wrote:
> On Tue 04 Apr 2006 20:12, Ryan Melendez wrote:
>>
>> I don't know of any others, but suggestions are welcome. I'm
>> going to
>> go the single-line-option route unless someone chimes in.
>
> We have actually had several discussions both on and off list about
> this and
> while Alan doesn't think that there is a particularly good reason
> to surpress
> passwords, I respectfully disagree with his opinion and can think
> of several
> scenarios you may want to. My suggestion however is to have
> something a
> little more generic like the following
>
> detail auth_log {
> detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-
> %Y%m%d.txt
> detailperm = 0600
> detailstrip = User-Password
> detailstrip = 3GPP-IMSI
> detailstrip = Other-Random-Attribute
> }
>
> This easily lets people strip out whatever attributes they want,
> not only
> passwords.
Throwing in my $0.02 USD, I think that Peter's approach is the best
method.
There is a need, and this addresses backwards and forwards
compatibility. I'm
against hardcoding the Attribute name in the code.
-Chris
--
Chris Parker
Director, Engineering
StarNet A Service of US LEC
(888)212-0099 Fax (847)963-1302
Wholesale Internet Services http://www.megapop.net
VoiceEclipse, The Fresh Alternative http://www.voiceeclipse.com
NOTICE: Message is sent IN CONFIDENCE to addressees. It may contain
information that is privileged, proprietary or confidential.
More information about the Freeradius-Devel
mailing list