How to hide passwords in the log file?

Alan DeKok aland at deployingradius.com
Fri Aug 7 14:13:42 CEST 2009


Rokkhan wrote:
> Hi,
> Does anyone knows how to hide passwords in the log file?

  Turn off "auth_goodpass".

> I have no problems when users are authenticated by PEAP, because the
> log file doesn´t shows the passwords, but now, i want to configure a
> virtual server to work like tacacs+ on a Cisco ASA Firewall. The
> firewall supports only radius protocol and it sends passwords in
> cleartext (PAP), so the passwords are shown on the log, something i
> would like to avoid.

  Then... don't tell the serer to log them.

> I know that i could set  auth = no, and then no authentication will
> appear in the log, but i need to keep this information to see if a
> user has logged in correctly or not.

  Or, set "auth_goodpass = no".

  This is documented.

  Alan DeKok.





More information about the Freeradius-Users mailing list