How to avoid logging cleartext passwords upon unix authentication failures
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Feb 25 17:39:55 CET 2014
On 25 Feb 2014, at 14:54, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
> On Tue, Feb 25, 2014 at 12:05:10PM +0100, Gianni Costanzi wrote:
>> Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
>>
>> Is it possible to tell the unix module not to log passwords? We already
>
> In v2, only by editing the source, as it's hardcoded. Comment out
> the line in rlm_unix.c
>
> You could potentially pull the crypted password out with the
> passwd module, and auth with pap rather than unix. Should have the
> desired effect.
>
> In v3 the invalid password logging has gone away, so if you
> upgrade then you should be OK.
* Is only displayed and debug level 3.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140225/20623813/attachment.pgp>
More information about the Freeradius-Users
mailing list