Release of 3.0.2 is imminent

Arran Cudbard-Bell a.cudbardb at
Mon Feb 17 18:43:25 CET 2014

On 17 Feb 2014, at 15:32, Alan DeKok <aland at> wrote:

>  Please test.
>  One major cosmetic change is the hiding of secret keys when using
> "radiusd -X"
> ...
> client localhost {
> 	ipaddr =
> 	require_message_authenticator = no
> 	secret = <<< secret >>>
> ...
>  They still show up when using "radiusd -Xx".
>  I've historically opposed this.  The reason has been that the keys are
> needed for debugging, which is correct.  However, the number of people
> who've screwed up and posted their secrets publicly is growing.
>  In the interest of not letting people hurt themselves, the secrets are
> now secret by default.
>  If anyone objects, please let me know.

Logging levels in rlm_pap have also been increased so that sensitive 
information is not output there either (unless -Xx).

The server will, however, still print out User-Password values when printing
a list of attributes in the request, and when forwarding requests.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Devel mailing list