Hi! I thought that, if I don't enable auth_goodpass, the correct authentications will not appear in the log, not that only the onyl thing that will not appear, will be the password. Ok, thanks for all, now i have set auth_goodpass = no, and the passwords are not shown in the log. Thanks for all! 2009/8/7 Alan DeKok <aland@deployingradius.com>:
Rokkhan wrote:
Hi, Does anyone knows how to hide passwords in the log file?
Turn off "auth_goodpass".
I have no problems when users are authenticated by PEAP, because the log file doesn´t shows the passwords, but now, i want to configure a virtual server to work like tacacs+ on a Cisco ASA Firewall. The firewall supports only radius protocol and it sends passwords in cleartext (PAP), so the passwords are shown on the log, something i would like to avoid.
Then... don't tell the serer to log them.
I know that i could set auth = no, and then no authentication will appear in the log, but i need to keep this information to see if a user has logged in correctly or not.
Or, set "auth_goodpass = no".
This is documented.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html