On-line debugging tool

Alan DeKok aland at deployingradius.com
Thu Jan 7 13:15:06 CET 2010


Alexander Clouter wrote:
> Is there a plan to add to FreeRADIUS a debug output mangling option?  So 
> things like Cleartext-Password and User-Password are obscured.

  Send a patch. ;)

> For example, you get the user to run FreeRADIUS with '-XO', then just 
> before printing to the screen the value of the 'secret' attributes are 
> md5'd and the hashes are shown instead (should be a constant, unless 
> there is actually a mismatch).  Of course you could have a '-o 
> attr1,attr2' to protect other attributes at runtime too.

  The problem is that it's hard to do.  The passwords can be used in
multiple places, so knowing *when* to mangle them is awkward.

  We could do a few simple things like not print client secrets or
User-Passwords from the received packets.  But anything past that
quickly becomes very, very, difficult.

  Alan DeKok.



More information about the Freeradius-Users mailing list