rlm_unix and logging of bad passwords
Hi, I run: freeradius-2.2.0p2 on OpenBSD 5.4 and I'm wondering how I can stop freeradius to log bad passwords to /var/log/radius/radius.log. The users are in the system password-db. I checked in rlm_unix.c where the log is happening but from there didn't figure what could be done to prevent the line from being logged: //line371ff if (fr_crypt_check((char *) request->password->vp_strvalue, (char *) vp->vp_strvalue) != 0) { radlog_request(L_AUTH, 0, request, "invalid password \"%s\"", request->password->vp_strvalue); return RLM_MODULE_REJECT; } Any hints? Thanks in advance. Mischa -- Mischa Diehm | Network Operations Center (NOC) UniBasel | UniRechenZentrum (URZ) Klingebergstr. 70 | CH-4056 Basel Tel. +41 61 267 1574 | http://urz.unibas.ch
On 07/03/14 16:23, Mischa Diehm wrote:
Hi,
I run: freeradius-2.2.0p2 on OpenBSD 5.4
and I'm wondering how I can stop freeradius to log bad passwords to /var/log/radius/radius.log. The users are in the system password-db.
I checked in rlm_unix.c where the log is happening but from there didn't figure what could be done to prevent the line from being logged:
Don't use rlm_unix for authentication. Let rlm_pap do it: authorize { ... unix pap ... } authenticate { Auth-Type PAP { pap } } Seems to be the day for rlm_unix/pap...
Hi,
figure what could be done to prevent the line from being logged:
//line371ff if (fr_crypt_check((char *) request->password->vp_strvalue, (char *) vp->vp_strvalue) != 0) { radlog_request(L_AUTH, 0, request, "invalid password \"%s\"", request->password->vp_strvalue); return RLM_MODULE_REJECT; }
as Phil says...or if you really must, change that to.. if (fr_crypt_check((char *) request->password->vp_strvalue, (char *) vp->vp_strvalue) != 0) { radlog_request(L_AUTH, 0, request, "invalid password \"PASSWORD\""); return RLM_MODULE_REJECT; } though this should only be logging invalid passwords anyway???... alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Mischa Diehm -
Phil Mayers