I don't want to see clear text password in debug mode

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Aug 6 21:02:19 CEST 2013

On 6 Aug 2013, at 19:49, Roberto Carna <robertocarna36 at gmail.com> wrote:

> Dear, when I execute "freeradius -X" the daemon starts in debug mode.
> After that when a any user authenticate againts freradisu service, I can see in the screen something like this:
> [sql] 	expand: %{User-Name} -> roberto
> [sql] sql_set_user escaped user --> 'roberto'
> [sql] 	expand: %{User-Password} -> 123456
> My password is encrypted with MD5 but it can be seen in the debug screen.

*sigh* No. You have an MD5 hash of the password, the cleartext version is being sent from the NAS.

> Is there any way to disallow or masquerade the use's password in debug mode ???

No. This would be difficult to implement, especially for SQL queries where the password value is inserted into another string to form the query.


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list