Hiding Passwords in Debug Output

Alan DeKok aland at deployingradius.com
Tue Sep 26 17:32:18 CEST 2006

"Garber, Neal" <Neal.Garber at energyeast.com> wrote:
> That's unfair Alan.  I was not trying to *dictate* that other admins
> shouldn't see it - I was proposing that admins should have a choice -
> because, IMO it's not needed to troubleshoot most problems.  

  It's no more unfair than your comment about why don't I see the need
to keep private information secure...

> I could and it would do most of what I wanted.  However, it feels like a
> kludge and everyone on my team would need to remember to filter the
> output when running in debug mode.

  Huh?  Write a wrapper for the server.  That's what shell scripts are

> I just think it's safer (from the perspective of admins that don't
> want/need to see the passwords) to have a config. option that forces
> the suppression.

  You have access to the source.  Make a patch that you apply and
maintain locally.  The main disagreement here is that you want the
patch to be applied to the server, for everyone elses "benefit".

  As I hope I'm making clear, that won't happen.

> I've asked questions in an attempt to understand your
> point-of-view and you didn't answer them.

  I have responded to every issue of substance you raised.  I have
explained *my* position in depth, and given you multiple options for
how to achieve your goal without impacting everyone else using the

  Insulting me because I disagree with you pretty much guarantees that
I will never agree with you.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list