User passwords in file

Phil Mayers p.mayers at
Thu Feb 9 12:43:22 CET 2006

Walter Reynolds wrote:
> I am currently running freeradius 1.0.4  I have the following line set
> log_auth_goodpass = no
> I am also using krb5 module under PAM.
> The problem I am having is while I do not get the User-Password in the 
> <NAS>/auth-detail log, it does show up in the file.
> I have tried to search the archive and feel I must me mising something. 
> Can someone please help me figure out what is going on?  I want logs and 
> details, just not the user passwords.

I think you're missing the point. That's what that is supposed to do. 
The default config has this (commented out):

# detail auth_log {
     # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
     #  This MUST be 0600, otherwise anyone can read
     #  the users passwords!
     # detailperm = 0600
# }


authorize {
   # auth_log

That stanza will log the radius Access-Request, so of course the 
password will always be in it. There's nothing you can do about this 
except don't use that stanza.

> Thanks.
> -- Walter Reynolds
>    University of Michigan
> - List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list