How to hide passwords in the log file?
Rokkhan
rokkhan at gmail.com
Fri Aug 7 17:11:09 CEST 2009
Hi!
I thought that, if I don't enable auth_goodpass, the correct
authentications will not appear in the log, not that only the onyl
thing that will not appear, will be the password.
Ok, thanks for all, now i have set auth_goodpass = no, and the
passwords are not shown in the log.
Thanks for all!
2009/8/7 Alan DeKok <aland at deployingradius.com>:
> Rokkhan wrote:
>> Hi,
>> Does anyone knows how to hide passwords in the log file?
>
> Turn off "auth_goodpass".
>
>> I have no problems when users are authenticated by PEAP, because the
>> log file doesn´t shows the passwords, but now, i want to configure a
>> virtual server to work like tacacs+ on a Cisco ASA Firewall. The
>> firewall supports only radius protocol and it sends passwords in
>> cleartext (PAP), so the passwords are shown on the log, something i
>> would like to avoid.
>
> Then... don't tell the serer to log them.
>
>> I know that i could set auth = no, and then no authentication will
>> appear in the log, but i need to keep this information to see if a
>> user has logged in correctly or not.
>
> Or, set "auth_goodpass = no".
>
> This is documented.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list