RE: detail logs User-Password
My suggestion however is to have something a little more generic like the following
detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail- %Y%m%d.txt detailperm = 0600 detailstrip = User-Password detailstrip = 3GPP-IMSI detailstrip = Other-Random-Attribute }
This easily lets people strip out whatever attributes they want, not only passwords.
Throwing in my $0.02 USD, I think that Peter's approach is the best method.
There is a need, and this addresses backwards and forwards compatibility. I'm against hardcoding the Attribute name in the code.
I've successfully implemented the "log_pass = yes/no" method. This patch compares with PW_PASSWORD. I agree Peter's approach is more scalable, but I'm not confident I know how to responsibly handle x number of config options. Is there another module that accepts an unknown number of config options I can take a peek at? Thanks, Ryan
"Ryan Melendez" <rmelendez@wayport.net> wrote:
I agree Peter's approach is more scalable, but I'm not confident I know how to responsibly handle x number of config options. Is there another module that accepts an unknown number of config options I can take a peek at?
Uh, no. You can parse config options by hand. See cf_item_find_next() which gets the next thing in a list, and cf_itemtopair() which converts an item to a CONF_PAIR, for manual parsing. Submit the patch you have now, and I'll take a look at poking it to do more. Alan DeKok.
participants (2)
-
Alan DeKok -
Ryan Melendez