How to avoid logging cleartext passwords upon unix authentication failures
Gianni Costanzi
gianni.costanzi at gmail.com
Tue Feb 25 12:05:10 CET 2014
Hi,
we're using Freeradius Version 2.2.0 to authenticate users against unix
unsers/passwords stored on the freeradius server. We noticed that when a
user authentication fails, the following line appears with the cleartext
password within it:
Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
Is it possible to tell the unix module not to log passwords? We already
disabled authentication requests' logging in the main radiusd.conf file,
but there seem not to be an option to disable authentication failures'
logging for the unix module, am I wrong?
Thank you for any help,
Gianni Costanzi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140225/89d74d13/attachment.html>
More information about the Freeradius-Users
mailing list