22 Sep
2006
22 Sep
'06
1:23 p.m.
I understand that it is sometimes useful to display the plain-text password in the debug output; however, I consider this a security exposure. I'd like to see a configuration option (e.g., debug_show_passwords or something similar) with a default of no, that when set to false/no would write "********" instead of a plain-text password in debug output. Currently, modules rlm_ldap, rlm_pap, and perhaps others write the plain-text password in debug output. Your thoughts? Neal