How to avoid logging cleartext passwords upon unix authentication failures
Matthew Newton
mcn4 at leicester.ac.uk
Tue Feb 25 15:54:54 CET 2014
On Tue, Feb 25, 2014 at 12:05:10PM +0100, Gianni Costanzi wrote:
> Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
>
> Is it possible to tell the unix module not to log passwords? We already
In v2, only by editing the source, as it's hardcoded. Comment out
the line in rlm_unix.c
You could potentially pull the crypted password out with the
passwd module, and auth with pap rather than unix. Should have the
desired effect.
In v3 the invalid password logging has gone away, so if you
upgrade then you should be OK.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list