On 17 Feb 2014, at 15:32, Alan DeKok <aland@deployingradius.com> wrote:
Please test.
One major cosmetic change is the hiding of secret keys when using "radiusd -X"
... client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> ...
They still show up when using "radiusd -Xx".
I've historically opposed this. The reason has been that the keys are needed for debugging, which is correct. However, the number of people who've screwed up and posted their secrets publicly is growing.
In the interest of not letting people hurt themselves, the secrets are now secret by default.
If anyone objects, please let me know.
Logging levels in rlm_pap have also been increased so that sensitive information is not output there either (unless -Xx). The server will, however, still print out User-Password values when printing a list of attributes in the request, and when forwarding requests. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2