I notice the password during supplicant connects to the radius server are displayed in plain text. Is there a way to disable this? -- Cody Jarrett IT Freedom cody.jarrett@itfreedom.com Office: 512.419.0070 Fax: 512.419.0080
On Thu 21 Jun 2007, Cody Jarrett wrote:
I notice the password during supplicant connects to the radius server are displayed in plain text. Is there a way to disable this?
Yep. Don't run in debug mode... -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
Cody Jarrett wrote:
I notice the password during supplicant connects to the radius server are displayed in plain text. Is there a way to disable this?
No. Anyone who can run the server in debugging mode can access the passwords via another method. If you don't want the passwords visible, post-process the output of debugging mode to remove the passwords. Alan DeKok.
Alan DeKok-2 wrote:
Cody Jarrett wrote:
I notice the password during supplicant connects to the radius server are displayed in plain text. Is there a way to disable this?
No. Anyone who can run the server in debugging mode can access the passwords via another method.
If you don't want the passwords visible, post-process the output of debugging mode to remove the passwords.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I was wondering if there is a configuration option to control the level of debugging. Basically I was also looking for a way to prevent passwords from showing up when "freeradius -X" is used. I understand older versions didn't have this ability. Did this change in newer freeradius versions? Thanks -- View this message in context: http://old.nabble.com/Password-in-Radius-Debug-tp11239928p27925892.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
Ari El wrote:
I was wondering if there is a configuration option to control the level of debugging.
$ man radiusd
Basically I was also looking for a way to prevent passwords from showing up when "freeradius -X" is used.
No. Read the message you quoted.
I understand older versions didn't have this ability. Did this change in newer freeradius versions?
No. It won't *ever* change. The purpose of debugging is to allow debugging. This includes checking passwords. Administrators who have the ability to see debugging mode have enough information to decode the passwords, EVEN IF the debug mode suppresses the passwords. Administrators who have read access to the configuration have enough information to decode the passwords, EVEN IF the debug mode suppresses the passwords. i.e. the idea of suppressing passwords is well intentioned, but useless. Alan DeKok.
participants (5)
-
Alan Buxey -
Alan DeKok -
Ari El -
Cody Jarrett -
Peter Nixon