Personally, I don't see a lot of value in it. But if the patch is simple & the config is easy, I have no objections to it going in.
If someone would rather send plain text over the wire rather than storing plain text passwords, logging the password gives up the main advantage for many in using PAP over CHAP.
Question: are there *other* attributes which should be suppressed? If so, the configuration should take a list of attributes to censor, rather than just "logpass=yes/no"
I don't know of any others, but suggestions are welcome. I'm going to go the single-line-option route unless someone chimes in. Thanks, Ryan
On Tue 04 Apr 2006 20:12, Ryan Melendez wrote:
Personally, I don't see a lot of value in it. But if the patch is simple & the config is easy, I have no objections to it going in.
If someone would rather send plain text over the wire rather than storing plain text passwords, logging the password gives up the main advantage for many in using PAP over CHAP.
Question: are there *other* attributes which should be suppressed? If so, the configuration should take a list of attributes to censor, rather than just "logpass=yes/no"
I don't know of any others, but suggestions are welcome. I'm going to go the single-line-option route unless someone chimes in.
We have actually had several discussions both on and off list about this and while Alan doesn't think that there is a particularly good reason to surpress passwords, I respectfully disagree with his opinion and can think of several scenarios you may want to. My suggestion however is to have something a little more generic like the following detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d.txt detailperm = 0600 detailstrip = User-Password detailstrip = 3GPP-IMSI detailstrip = Other-Random-Attribute } This easily lets people strip out whatever attributes they want, not only passwords. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
On Apr 4, 2006, at 12:29 PM, Peter Nixon wrote:
On Tue 04 Apr 2006 20:12, Ryan Melendez wrote:
I don't know of any others, but suggestions are welcome. I'm going to go the single-line-option route unless someone chimes in.
We have actually had several discussions both on and off list about this and while Alan doesn't think that there is a particularly good reason to surpress passwords, I respectfully disagree with his opinion and can think of several scenarios you may want to. My suggestion however is to have something a little more generic like the following
detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail- %Y%m%d.txt detailperm = 0600 detailstrip = User-Password detailstrip = 3GPP-IMSI detailstrip = Other-Random-Attribute }
This easily lets people strip out whatever attributes they want, not only passwords.
Throwing in my $0.02 USD, I think that Peter's approach is the best method. There is a need, and this addresses backwards and forwards compatibility. I'm against hardcoding the Attribute name in the code. -Chris -- Chris Parker Director, Engineering StarNet A Service of US LEC (888)212-0099 Fax (847)963-1302 Wholesale Internet Services http://www.megapop.net VoiceEclipse, The Fresh Alternative http://www.voiceeclipse.com NOTICE: Message is sent IN CONFIDENCE to addressees. It may contain information that is privileged, proprietary or confidential.
participants (3)
-
Chris Parker -
Peter Nixon -
Ryan Melendez