Free radius installed via a RPM: # rpm -qa | grep radius freeradius-1.0.1-3.RHEL4.5
# radiusd -v radiusd: FreeRADIUS Version 1.0.1, for host , built on Apr 25 2007 at 08:19:46
That was years out of date even when installed. See about upgrading: http://wiki.freeradius.org/Red_Hat_FAQ
Our /etc/raddb/radiusd.conf clearly states to not log passwords: # allowed values: {no, yes} # log_auth_badpass = no log_auth_goodpass = no
In radius.log file. And it doesn't:
Login OK: [username] (from client hostname.com port 0)
# cat auth-detail-20081023
Packet-Type = Access-Request <removed> User-Name = "username" User-Password = "password" NAS-IP-Address = 127.0.0.1 Client-IP-Address = 127.0.0.1
That's detail module at work:
Module: Loaded detail detail: detailfile = "/etc/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log)
In current versions there is a supress setting in detail module where you can set attributes that you don't want to log in detail file. I have no idea if such setting exists in the version you are using. Ivan Kalik Kalik Informatika ISP