detail logs User-Password
Ryan Melendez
rmelendez at wayport.net
Tue Apr 4 22:53:21 CEST 2006
> > My suggestion however is to have
> > something a
> > little more generic like the following
> >
> > detail auth_log {
> > detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-
> > %Y%m%d.txt
> > detailperm = 0600
> > detailstrip = User-Password
> > detailstrip = 3GPP-IMSI
> > detailstrip = Other-Random-Attribute
> > }
> >
> > This easily lets people strip out whatever attributes they want,
> > not only
> > passwords.
>
> Throwing in my $0.02 USD, I think that Peter's approach is the best
> method.
>
> There is a need, and this addresses backwards and forwards
> compatibility. I'm
> against hardcoding the Attribute name in the code.
I've successfully implemented the "log_pass = yes/no" method. This
patch compares with PW_PASSWORD.
I agree Peter's approach is more scalable, but I'm not confident I know
how to responsibly handle x number of config options. Is there another
module that accepts an unknown number of config options I can take a
peek at?
Thanks,
Ryan
More information about the Freeradius-Devel
mailing list