log *** instead of actual User-Password in postauth_query

Michael Weissenbacher mw at dermichi.com
Mon Feb 24 18:17:50 CET 2014


Dear List!
I am wondering if there is a way to convert a password to a number of 
asterisk symbols (*) matching the length of the actual password using 
unlang.

For obvious reasons i do not want to log the cleartext password in 
radpostauth. But i don't want to completely omit the field either. 
Changing the postauth_query in dialup.conf is pretty straightforward, 
but i could not figure out how to replace the password with the exact 
same number of * symbols. The best i could come up with so far is:
%{%{#User-Password}:-0}

Which outputs the length of the password as a number. Is there a 
straightforward way to achieve what i want?

tia,
Michael


More information about the Freeradius-Users mailing list