LDAP password in log files

John Dennis jdennis at redhat.com
Mon Sep 30 20:57:42 CEST 2013


On 09/30/2013 02:45 PM, Matthew Ceroni wrote:
> Is there any way to prevent FreeRadius from showing the password in
> logs (debug logs) when authentication is done via LDAP?
> 
> Current I see :
> 
> rad_recv: Access-Request packet from host 192.168.100.2 port 31011,
> id=13, length=129
> User-Name = "username"
> User-Password = "XXXXXX"
> NAS-IP-Address = 192.168.100.2
> NAS-Port = 268
> NAS-Port-Type = Virtual
> Cisco-AVPair = "ip:source-ip=192.168.21.145"
> Calling-Station-Id = "ip:source-ip=192.168.21.145"
> 
> Plus it will show it in other spots as well (accounting section, etc).

Please try to search the list archives before asking questions. This has
been answered multiple times.

Short answer is no, the debug output is meant for debugging ONLY and
during debugging it's vital to be able to see the actual data in use.


-- 
John


More information about the Freeradius-Users mailing list