How to hide passwords in the log file?
Alan DeKok
aland at deployingradius.com
Fri Aug 7 14:13:42 CEST 2009
Rokkhan wrote:
> Hi,
> Does anyone knows how to hide passwords in the log file?
Turn off "auth_goodpass".
> I have no problems when users are authenticated by PEAP, because the
> log file doesn´t shows the passwords, but now, i want to configure a
> virtual server to work like tacacs+ on a Cisco ASA Firewall. The
> firewall supports only radius protocol and it sends passwords in
> cleartext (PAP), so the passwords are shown on the log, something i
> would like to avoid.
Then... don't tell the serer to log them.
> I know that i could set auth = no, and then no authentication will
> appear in the log, but i need to keep this information to see if a
> user has logged in correctly or not.
Or, set "auth_goodpass = no".
This is documented.
Alan DeKok.
More information about the Freeradius-Users
mailing list