On-line debugging tool
Alan DeKok
aland at deployingradius.com
Thu Jan 7 13:15:06 CET 2010
Alexander Clouter wrote:
> Is there a plan to add to FreeRADIUS a debug output mangling option? So
> things like Cleartext-Password and User-Password are obscured.
Send a patch. ;)
> For example, you get the user to run FreeRADIUS with '-XO', then just
> before printing to the screen the value of the 'secret' attributes are
> md5'd and the hashes are shown instead (should be a constant, unless
> there is actually a mismatch). Of course you could have a '-o
> attr1,attr2' to protect other attributes at runtime too.
The problem is that it's hard to do. The passwords can be used in
multiple places, so knowing *when* to mangle them is awkward.
We could do a few simple things like not print client secrets or
User-Passwords from the received packets. But anything past that
quickly becomes very, very, difficult.
Alan DeKok.
More information about the Freeradius-Users
mailing list