On Dec 1, 2020, at 10:13 AM, Matt Zagrabelny via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Reading through the documentation at:
http://wiki.freeradius.org/list-help
It states to include the full output of radiusd -X. I do believe that the full output includes sensitive information, like passwords, that should not be posted to the mailing list.
Some of the sensitive information is removed, like shared secrets. Other than that, it's difficult to know what's sensitive and what isn't. User-Password is simple perhaps. But there are many protocols used in FreeRADIUS, each of which has their own issues. Should the MS-CHAP data be omitted? If so, what about EAP-MSCHAP?
What do folks think about replacing sensitive information in the output with "removed" or "sensitive data removed", etc?
Personally, I think -X could use this new mode by default, and also add an option to not remove sensitive info.
I'm fine with removing sensitive data. The questions are: a) what is sensitive b) how do you remove it. These issues aren't trivial. I suggest attempting to make a patch which is both understandable, and works. The process will be educational. Alan DeKok.