detail logs User-Password

Chris Parker cparker at
Tue Apr 4 19:41:39 CEST 2006

On Apr 4, 2006, at 12:29 PM, Peter Nixon wrote:

> On Tue 04 Apr 2006 20:12, Ryan Melendez wrote:
>> I don't know of any others, but suggestions are welcome.  I'm  
>> going to
>> go the single-line-option route unless someone chimes in.
> We have actually had several discussions both on and off list about  
> this and
> while Alan doesn't think that there is a particularly good reason  
> to surpress
> passwords, I respectfully disagree with his opinion and can think  
> of several
> scenarios you may want to. My suggestion however is to have  
> something a
> little more generic like the following
> detail auth_log {
>         detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail- 
> %Y%m%d.txt
>         detailperm = 0600
>         detailstrip = User-Password
>         detailstrip = 3GPP-IMSI
>         detailstrip = Other-Random-Attribute
> }
> This easily lets people strip out whatever attributes they want,  
> not only
> passwords.

Throwing in my $0.02 USD, I think that Peter's approach is the best  

There is a need, and this addresses backwards and forwards  
compatibility.  I'm
against hardcoding the Attribute name in the code.

Chris Parker
Director, Engineering
StarNet A Service of US LEC

(888)212-0099   Fax (847)963-1302
Wholesale Internet Services
VoiceEclipse, The Fresh Alternative

NOTICE: Message is sent IN CONFIDENCE to addressees. It may contain
information that is privileged, proprietary or confidential.

More information about the Freeradius-Devel mailing list