Clear text passwords
George C. Kaplan
gckaplan at ack.berkeley.edu
Fri Mar 24 01:38:48 CET 2006
Alan DeKok wrote:
> Guy Fraser <guy at incentre.net> wrote:
>
>>> You will have to edit the source code to the detail module to make
>>> it do what you want.
>>>
>>
>>Is that the way it is supposed to be, or is it on a todo list for it
>>to be fixed?
>
> Fixed to do what, and why?

To not log passwords in the detail file, because it puts them at
unnecessary risk of exposure.

> No, I'm not being dumb, I'd like to see reasons why dropping
> information from the detail log is a good idea.

Actually, I may be confused here. Are we talking about passwords
entered by users and sent to the RADIUS daemon by a NAS being logged in
the radius.log or the detail file? I ask because I *don't* see this
behavior (except in debugging mode) on freeradius 1.0.5. So maybe we're
talking about something else.

We have strict rules here about handling sensitive data; I'd be in big
trouble if any of my systems was storing user-supplied passphrases in a
log file.
--
George C. Kaplan gckaplan at ack.berkeley.edu
Communication & Network Services 510-643-0496
University of California at Berkeley