Walter Reynolds wrote:
I am currently running freeradius 1.0.4 I have the following line set
log_auth_goodpass = no
I am also using krb5 module under PAM.
The problem I am having is while I do not get the User-Password in the <NAS>/auth-detail log, it does show up in the 127.0.0.1/auth-detail file.
I have tried to search the archive and feel I must me mising something. Can someone please help me figure out what is going on? I want logs and details, just not the user passwords.
I think you're missing the point. That's what that is supposed to do. The default config has this (commented out): # detail auth_log { # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! # detailperm = 0600 # } ...and: authorize { # auth_log } That stanza will log the radius Access-Request, so of course the password will always be in it. There's nothing you can do about this except don't use that stanza.
Thanks.
-- Walter Reynolds University of Michigan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html