How to avoid logging cleartext passwords upon unix authentication failures

Matthew Newton mcn4 at
Tue Feb 25 15:54:54 CET 2014

On Tue, Feb 25, 2014 at 12:05:10PM +0100, Gianni Costanzi wrote:
> Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
> Is it possible to tell the unix module not to log passwords? We already

In v2, only by editing the source, as it's hardcoded. Comment out
the line in rlm_unix.c

You could potentially pull the crypted password out with the
passwd module, and auth with pap rather than unix. Should have the
desired effect.

In v3 the invalid password logging has gone away, so if you
upgrade then you should be OK.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list