On-line debugging tool
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Thu Jan 7 13:51:02 CET 2010
Hi,
> Is there a plan to add to FreeRADIUS a debug output mangling option? So
> things like Cleartext-Password and User-Password are obscured.
>
> For example, you get the user to run FreeRADIUS with '-XO', then just
> before printing to the screen the value of the 'secret' attributes are
> md5'd and the hashes are shown instead (should be a constant, unless
> there is actually a mismatch). Of course you could have a '-o
> attr1,attr2' to protect other attributes at runtime too.
>
> Only something to add to the wishlist. :)
agreed - yes, understand that debug mode should show ervything - because
then you can prove the password is wrong etc etc.... but if that debug
is then being put somewhere is needs to be obfuscated or <removed> -
heck, even just replaced with the word PASSWORD (and hope some people
arent that dumb! ;-) ) - likewise any other 'sensitive' data.
alan
More information about the Freeradius-Users
mailing list