radiusd logs good passwords even when told not to?

tnt at kalik.net
Tue Jan 6 18:18:24 CET 2009

>FreeRADIUS installed via an RPM:
># rpm -qa  | grep radius
># radiusd -v
>radiusd: FreeRADIUS Version 1.0.1, for host , built on Apr 25 2007 at

That was years out of date even when installed. See about upgrading:


>Our /etc/raddb/radiusd.conf clearly states to not log passwords:
>#  allowed values: {no, yes}
>log_auth_badpass = no
>log_auth_goodpass = no

In radius.log file. And it doesn't:

>Login OK: [username] (from client hostname.com port 0)

># cat auth-detail-20081023
>Packet-Type = Access-Request
>        User-Name = "username"
>        User-Password = "password"
>        NAS-IP-Address =
>        Client-IP-Address =

That's the detail module at work:

>Module: Loaded detail
> detail: detailfile = "/etc/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (auth_log)

In current versions there is a suppress setting in the detail module where you
can set attributes that you don't want to log in the detail file. I have no
idea if such a setting exists in the version you are using.

Ivan Kalik
Kalik Informatika ISP
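
A check that could be run over existing auth-detail files like the one quoted in this thread (an added example, not part of the original post and not FreeRADIUS code): it parses detail-file records, reports each one that still holds a cleartext User-Password, and produces a redacted copy. The sample input is constructed, and the `scan_detail` name and `SENSITIVE` set are assumptions of this example.

```python
import re

# Attributes treated as secrets. User-Password is the one shown in the thread;
# the set and the function name are assumptions of this example.
SENSITIVE = {"User-Password"}
ATTR_RE = re.compile(r'^(\s*)([A-Za-z0-9][A-Za-z0-9-]*)\s*=\s*(.*)$')

def scan_detail(text, sensitive=SENSITIVE):
    """Return (findings, redacted_text) for the contents of one detail file.

    findings holds (line_number, user_name, attribute) for each sensitive
    attribute; records are separated by blank lines, and User-Name may
    appear before or after the sensitive attribute within a record.
    """
    findings, out, pending, user = [], [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ATTR_RE.match(line)
        if not line.strip():
            # End of record: attach the record's user name to its findings.
            findings.extend((ln, user, attr) for ln, attr in pending)
            pending, user = [], None
        elif m:
            indent, name, value = m.groups()
            if name == "User-Name":
                user = value.strip('"')
            if name in sensitive:
                pending.append((lineno, name))
                line = f'{indent}{name} = "<redacted>"'
        out.append(line)
    # Last record may not be followed by a blank line.
    findings.extend((ln, user, attr) for ln, attr in pending)
    return findings, "\n".join(out) + "\n"

# Constructed sample in the layout of the auth-detail file quoted above.
SAMPLE = (
    'Packet-Type = Access-Request\n'
    '\tUser-Name = "alice"\n'
    '\tUser-Password = "constructed-secret"\n'
    '\tNAS-Port = 0\n'
    '\n'
    'Packet-Type = Access-Request\n'
    '\tUser-Password = "another-constructed"\n'
    '\tUser-Name = "bob"\n'
)

if __name__ == "__main__":
    hits, redacted = scan_detail(SAMPLE)
    for lineno, user, attr in hits:
        print(f"line {lineno}: {attr} stored in cleartext for user {user!r}")
    print(redacted, end="")
```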