radiusd logs good passwords even when told not to?

Tim Eberhard xmin0s at gmail.com
Tue Jan 6 18:58:52 CET 2009


I have no need for a details log the data stored in /var/log/radius.log is
more than sufficient for me.

So by commenting out detail { } in the radiusd.conf file should stop this?


I know I'm running a ancient version of free radius.. sadly it's what RHEL
came with and it's what we have as 'stable'. I'll look at upgrading but I'm
afraid this is one of those wonderful 100% uptime required services.

Thanks again all,

-Tim Eberhard

On Tue, Jan 6, 2009 at 11:51 AM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> > Background info:
>
> yes, ancient version
>
> > Our /etc/raddb/radiusd.conf clearly states to not log passwords:
> > #  allowed values: {no, yes}
> > #
> > log_auth_badpass = no
> > log_auth_goodpass = no
>
> correct - in the main log
>
> > However it's logging good password auth's still..
> >
>
> no, this is the detail file - and you've enabled the
> detail logging module - which has an option for stopping
> the password from being logged...however, I think that
> was only from version 1.1.x  - see the current version
> docs and/or the current config files from the recent
> release (download the tar.gz file, extract and then view
> the config.
>
> do you need or use the detail files in any of your
> processes? if not, then disable the detail module
> (comment out calls to it)
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090106/a71f1d06/attachment.html>


More information about the Freeradius-Users mailing list