On Apr 4, 2006, at 12:29 PM, Peter Nixon wrote:
On Tue 04 Apr 2006 20:12, Ryan Melendez wrote:
I don't know of any others, but suggestions are welcome. I'm going to go the single-line-option route unless someone chimes in.
We have actually had several discussions both on and off list about this and while Alan doesn't think that there is a particularly good reason to surpress passwords, I respectfully disagree with his opinion and can think of several scenarios you may want to. My suggestion however is to have something a little more generic like the following
detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail- %Y%m%d.txt detailperm = 0600 detailstrip = User-Password detailstrip = 3GPP-IMSI detailstrip = Other-Random-Attribute }
This easily lets people strip out whatever attributes they want, not only passwords.
Throwing in my $0.02 USD, I think that Peter's approach is the best method. There is a need, and this addresses backwards and forwards compatibility. I'm against hardcoding the Attribute name in the code. -Chris -- Chris Parker Director, Engineering StarNet A Service of US LEC (888)212-0099 Fax (847)963-1302 Wholesale Internet Services http://www.megapop.net VoiceEclipse, The Fresh Alternative http://www.voiceeclipse.com NOTICE: Message is sent IN CONFIDENCE to addressees. It may contain information that is privileged, proprietary or confidential.