new CVS version is a little quiet....

A.L.M.Buxey at A.L.M.Buxey at
Tue May 13 14:07:49 CEST 2008


>   Which messages?

the old classic:

Thu May  1 05:23:50 2008 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [nagios-2] (from client server1 port 0)
Thu May  1 08:12:52 2008 : Auth: Login OK: [nagiostest] (from client amon port 0)
Thu May  1 08:15:51 2008 : Auth: Login OK: [host/] (from client Cisco-AP port 50013 cli 00-11-22-33-44-55 via TLS tunnel)

>   I made some changes to make the code match the documented behavior.
> The default values for "auth_badpass" and "auth_goodpass" are "no",
> which *doesn't* log anything.

ah. i think i see what you mean....and quick look at main/auth.c
shows the the code now does

if goodpass and the user asked to log good passwords then print
if not a goodpass and the user asked to log not good passwords then print

>   When I tested it, I didn't see any logs when auth=yes, and
> good/badpass = no.  Hence the changes.  If you set good/badpass to
> "yes", you will see the log messages.

which is logical...but i think the wording and desciption of the
behaviour is wrong in the config file then...i always thought
that the goodpass and badpass would actually log the passwords
themselves(!) - oh...but wait, it does!!!

oh. thats not good. no, we need to have a safer logging....of
just like it used to be - auth logging without the password
printing.  just print the username/stripped-user (config option)
dont print the password if its good or bad. 


More information about the Freeradius-Users mailing list