Password in Radius Debug
Alan DeKok
aland at deployingradius.com
Wed Mar 17 00:37:23 CET 2010
Ari El wrote:
> I was wondering if there is a configuration option to control the level of
> debugging.
$ man radiusd
> Basically I was also looking for a way to prevent passwords from
> showing up when "freeradius -X" is used.
No. Read the message you quoted.
> I understand older versions didn't have this ability. Did this change in
> newer freeradius versions?
No. It won't *ever* change.
The purpose of debugging is to allow debugging. This includes
checking passwords.
Administrators who have the ability to see debugging mode have enough
information to decode the passwords, EVEN IF the debug mode suppresses
the passwords.
Administrators who have read access to the configuration have enough
information to decode the passwords, EVEN IF the debug mode suppresses
the passwords.
i.e. the idea of suppressing passwords is well intentioned, but useless.
Alan DeKok.
More information about the Freeradius-Users
mailing list