Free Radius 2.1.1 showing clear text password at the debug mode
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Feb 21 11:58:58 CET 2013
Hi,
> So what i want to confirm here, are you saying that means in debug mode
> its "normal" for me "admin" to see the user password? I mean it's normal
> behaviour of radius 2.1.1?
yes. its normal behaviour - debug mode is for trouble-shooting/problem-solving
not a mode you would run in a day to day basis. the server KNOWS the password..its
stored in variables and arrays so if a 'bad guy' has access to the server they could
get that password anywayin more trivial ways (such as logging it when a request
came through). some sites do such things for enabling migration from one service
to another...eg grab and put into another store etc...
alan
More information about the Freeradius-Users
mailing list