log *** instead of actual User-Password in postauth_query

Michael Weissenbacher mw at dermichi.com
Mon Feb 24 19:20:39 CET 2014

Hi Arran!
> Surely %{%{#User-Password}:-0} is superior to outputting asterixes... Then you don't have to count the asterixes to know what length the password was?
On second thought, i guess you are right :-)

> The various SQL dialects support padding string with arbitrary chars, so you can probably edit the post-auth queries to do what you want.
Of course! Thanks for the pointer. I successfully solved it using 
MySQL's ltrim() function.

with kind regards,

More information about the Freeradius-Users mailing list