Is it possible to log the Dial-In user password?

Fajar A. Nugraha list at fajar.net
Wed Apr 18 14:19:42 CEST 2012


On Wed, Apr 18, 2012 at 7:05 PM, Henrik Karlsson
<Henrik.Karlsson at generic.se> wrote:
>
> Hi,
>
> I need to log the Dial-In users Password and I wonder if it is possible to
> do that in a freeRADIUS server?

yes, if the user uses pap.

>  I’m using freeRadius and MySQL server to
> store information such as userinfo and traffic logs.
>
>
>
> If it is possible can someone please describe how?

there's User-Password attribute, with which you can do anything you
want (i.e. insert to db using unlang)
there's auth_badpass and auth_goodpass in radiusd.conf if you just
want to log it in radius.log.

Again, it's only possible if the user uses pap. It should be possible
to configure FR to only use pap (i.e. disable chap and friends). Most
clients can use pap as fallback, so they should be able to still
login.

-- 
Fajar


More information about the Freeradius-Devel mailing list