I am send this to the freeradius-devel list as I am asking for help on source code modification and felt this was more appropriate than freeradius-users list. If it is felt by many that I should re-submit under the users list I will be happy to do so. I do not have any C programming experience but have made small modifications and compiled tens of open source software programs. I am using freeradius for my company as 802.1x wireless authentication backend for our internal wifi network. We extensively use Kerberos (MIT) as an authentication mechanism and have configured TTLS/PAP on the client and rlm_krb5 to allow users to authenticate using their Kerberos principals and passwords. As a general practice we never ask what other users passwords are, never transmit passwords over the wire in clear text, and never log passwords on disk. I have found there are 2 ways to get the freeradius server to log clear text passwords and would like to ask for source code modification examples or at least pointers the right place to make them such that I can compile a custom version of the software that does not do this. We do want to be able ever to see our users passwords (1) log_auth_badpass|log_auth_goodpass I see there are 4 source files (radiusd.h auth.c mainconfig.c radiusd.c) that include references to log_auth_badpass and log_auth_goodpass. I figure that I can read the code and make any minor modifications that make sure these options can not be turned on. (2) radiusd -X When running in debug mode I can often see on the screen output like the below: [ttls] Got tunneled request User-Name = "gonzo" User-Password = "a_password" FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "gonzo" User-Password = "a_password" FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 10.0.1.218 NAS-Identifier = "AP-7eff00" NAS-Port = 0 Called-Station-Id = "AA-1E-72-7A-AA-00:radius" Calling-Station-Id = "A4-5A-AE-54-04-48" Framed-MTU = 1500 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" I can not seem to figure out in the code how to make sure that the User-Password is never printed in the clear like it is above. Any pointers to where in the code I can turn this off would be greatly appreciated. Thanks!