Debug show cleartext password

Arran Cudbard-Bell a.cudbardb at
Wed Sep 11 09:58:49 CEST 2013

On 11 Sep 2013, at 08:43, A.L.M.Buxey at wrote:

> Hi,
>>   i am getting a problem on Freeradius installed on CentOS. When i set the
>>   service Radiusd in debug mode and send an access request (default type
>>   PAP) through Radtest the debug show the password in cleartext.
>>   Is there an option to do not show the fiedl User-Password in cleartext?
> debug shows all. the RADIUS server knows all. the point of debug is to debug..and
> you might have eg incorrect password. this question is asked frequently - a quick
> look at mailing list history would show you.....and the answer is no. dont run in debug if
> you dont want to see debug.

Sure, but radtest should probably have a password argument where it does a secure read from stdin.
FreeRADIUS shouldn't obfuscate passwords in debug, that'd be stupid.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list