Restrict Password from detail file , accounting
Is there a way to eliminate the password from being written to the accounting log files? Either not in clear text or altogether? I know that read access is restricted to Root access only.
Hi,
Is there a way to eliminate the password from being written to the accounting log files? Either not in clear text or altogether?
which accounting logs? with the recent versions of FreeRADIUS you can add the following to the last part of each detail logging stanza suppress { User-Password } usage of obfuscation is also recommended for, eg MySQL logging. simply replace the User-Password INSERT with the value of 'password' alan
I have the new version 1.1.4 up and running. I also have uncommented the "suppress" stanza in radiusd.conf below. However, in radacct/auth-.... files, the password is still showing up..??? Is there something else to do? Scott -----Original Message----- From: freeradius-users-bounces+scott.1.ellis=lmco.com@lists.freeradius.org [mailto:freeradius-users-bounces+scott.1.ellis=lmco.com@lists.freeradius .org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Wednesday, January 10, 2007 3:10 PM To: FreeRadius users mailing list Subject: Re: Restrict Password from detail file , accounting Hi,
Is there a way to eliminate the password from being written to the accounting log files? Either not in clear text or altogether?
which accounting logs? with the recent versions of FreeRADIUS you can add the following to the last part of each detail logging stanza suppress { User-Password } usage of obfuscation is also recommended for, eg MySQL logging. simply replace the User-Password INSERT with the value of 'password' alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ellis, Scott 1 (N-Comptel Inc.) wrote:
I have the new version 1.1.4 up and running. I also have uncommented the "suppress" stanza in radiusd.conf below. However, in radacct/auth-.... files, the password is still showing up..???
Did you add the "suppress" section to the configuration for *all* of the detail instances you're using? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Thanks. I did not realize I could apply it to all instances. That's great. -----Original Message----- From: freeradius-users-bounces+scott.1.ellis=lmco.com@lists.freeradius.org [mailto:freeradius-users-bounces+scott.1.ellis=lmco.com@lists.freeradius .org] On Behalf Of Alan DeKok Sent: Friday, January 19, 2007 2:25 AM To: FreeRadius users mailing list Subject: Re: Restrict Password from detail file , accounting Ellis, Scott 1 (N-Comptel Inc.) wrote:
I have the new version 1.1.4 up and running. I also have uncommented the "suppress" stanza in radiusd.conf below. However, in radacct/auth-.... files, the password is still showing up..???
Did you add the "suppress" section to the configuration for *all* of the detail instances you're using? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Ellis, Scott 1 (N-Comptel Inc.)