new CVS version is a little quiet....
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue May 13 14:07:49 CEST 2008
Hi,
> Which messages?
the old classic:
Thu May 1 05:23:50 2008 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [nagios-2] (from client server1 port 0)
Thu May 1 08:12:52 2008 : Auth: Login OK: [nagiostest] (from client amon port 0)
Thu May 1 08:15:51 2008 : Auth: Login OK: [host/random-box.lboro.ac.uk] (from client Cisco-AP port 50013 cli 00-11-22-33-44-55 via TLS tunnel)
> I made some changes to make the code match the documented behavior.
> The default values for "auth_badpass" and "auth_goodpass" are "no",
> which *doesn't* log anything.
ah. i think i see what you mean....and quick look at main/auth.c
shows the the code now does
if goodpass and the user asked to log good passwords then print
if not a goodpass and the user asked to log not good passwords then print
> When I tested it, I didn't see any logs when auth=yes, and
> good/badpass = no. Hence the changes. If you set good/badpass to
> "yes", you will see the log messages.
which is logical...but i think the wording and desciption of the
behaviour is wrong in the config file then...i always thought
that the goodpass and badpass would actually log the passwords
themselves(!) - oh...but wait, it does!!!
oh. thats not good. no, we need to have a safer logging....of
just like it used to be - auth logging without the password
printing. just print the username/stripped-user (config option)
dont print the password if its good or bad.
alan
More information about the Freeradius-Users
mailing list