How to avoid logging cleartext passwords upon unix authentication failures

Arran Cudbard-Bell a.cudbardb at
Tue Feb 25 17:39:55 CET 2014

On 25 Feb 2014, at 14:54, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:

> On Tue, Feb 25, 2014 at 12:05:10PM +0100, Gianni Costanzi wrote:
>> Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
>> Is it possible to tell the unix module not to log passwords? We already
> In v2, only by editing the source, as it's hardcoded. Comment out
> the line in rlm_unix.c
> You could potentially pull the crypted password out with the
> passwd module, and auth with pap rather than unix. Should have the
> desired effect.
> In v3 the invalid password logging has gone away, so if you
> upgrade then you should be OK.

* Is only displayed and debug level 3.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list