Source Code Modification Help - No Clear Text User-Password logging

Fajar A. Nugraha list at fajar.net
Mon Jul 30 07:00:08 CEST 2012


On Mon, Jul 30, 2012 at 11:47 AM, Mark Selby <mselby at knewton.com> wrote:
> We do want to be able ever to see our users
> passwords
>
> (1) log_auth_badpass|log_auth_goodpass

> (2) radiusd -X

Are you sure that would be effective?  Anyone who can edit
radiusd.conf or run "radiusd -X" usually has the root password. That means,
if they want to, they can:

(1) replace your binary with another one (e.g. one compiled from
vanilla source code)
(2) then run tcpdump on the interface, which can show the
User-Password attribute as clear text if the user uses PAP (although
this might be irrelevant to you since your debug log shows only TTLS)
(3) if you need to have the User-Password attribute in the first place,
it's usually because whatever backend you use (e.g. DB, LDAP) can only
handle clear-text passwords (e.g. because they store only encrypted
passwords). Depending on what backend you use, it's possible that the
admin can capture the traffic between FR and the backend to look at
the clear-text user password.
(4) then modify radiusd.conf (or whatever virtual server is
active) to activate additional logging (to file, DB, whatever) that
could store the value of whatever attribute they choose (including
User-Password).

-- 
Fajar
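Point (2) above rests on how PAP carries the password. As an added illustration (not code from this thread or from the FreeRADIUS project), the block below implements the RFC 2865 section 5.2 User-Password hiding: the password is padded to 16-byte blocks and XORed with a chain of MD5(secret || previous block) digests seeded by the Request Authenticator. The shared secret and the authenticator values used here are constructed for the example. It shows why the on-wire "encryption" is no protection against the person who holds the shared secret and can run a capture: decoding is a one-line reversal, so removing the password from the debug log alone does not keep it out of that person's reach.

```python
import hashlib


def _xor16(a: bytes, b: bytes) -> bytes:
    """XOR two 16-byte blocks."""
    return bytes(x ^ y for x, y in zip(a, b))


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: hide a PAP password for the Access-Request.

    c1 = p1 XOR MD5(S + RA), c_i = p_i XOR MD5(S + c_{i-1}).
    Only the shared secret S and the (plaintext) Request Authenticator
    RA are needed to undo this, so it is obfuscation, not confidentiality.
    """
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = _xor16(padded[i:i + 16], keystream)
        out += block
        prev = block  # chaining: next keystream depends on previous ciphertext
    return out


def decode_user_password(encoded: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the PAP password from a captured Access-Request.

    Anyone with a packet capture plus the NAS shared secret can do this;
    trailing NUL padding is stripped, so passwords ending in NUL bytes are
    not representable (a limitation inherent to the RFC scheme).
    """
    if not encoded or len(encoded) % 16:
        raise ValueError("encoded User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(encoded), 16):
        block = encoded[i:i + 16]
        out += _xor16(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, ra = b"example-shared-secret", bytes(range(16))
    wire = encode_user_password(b"hunter2", secret, ra)
    print(wire.hex(), decode_user_password(wire, secret, ra))
```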

