Release of 3.0.2 is imminent
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Feb 17 18:43:25 CET 2014
On 17 Feb 2014, at 15:32, Alan DeKok <aland at deployingradius.com> wrote:
> Please test.
>
> One major cosmetic change is the hiding of secret keys when using
> "radiusd -X"
>
> ...
> client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = <<< secret >>>
> ...
>
> They still show up when using "radiusd -Xx".
>
> I've historically opposed this. The reason has been that the keys are
> needed for debugging, which is correct. However, the number of people
> who've screwed up and posted their secrets publicly is growing.
>
> In the interest of not letting people hurt themselves, the secrets are
> now secret by default.
>
> If anyone objects, please let me know.
Logging levels in rlm_pap have also been increased so that sensitive
information is not output there either (unless -Xx).
The server will, however, still print out User-Password values when printing
a list of attributes in the request, and when forwarding requests.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140217/d15ac0fb/attachment.pgp>
More information about the Freeradius-Devel
mailing list