19 Apr
2012
19 Apr
'12
7:04 a.m.
On Wed, Apr 18, 2012 at 07:19:42PM +0700, Fajar A. Nugraha wrote:
On Wed, Apr 18, 2012 at 7:05 PM, Henrik Karlsson <Henrik.Karlsson@generic.se> wrote:
Hi,
I need to log the Dial-In users Password and I wonder if it is possible to do that in a freeRADIUS server?
yes, if the user uses pap.
And for CHAP, you can log CHAP-Challenge and CHAP-Response. Those values are sufficient to be able to tell afterwards whether the user used a given password or not. (i.e. you can test "did they use password '123456'"?) You can also make a dictionary attack to try to determine what password they used, which will often succeed if it's a simple password.