How to avoid logging cleartext passwords upon unix authentication failures
Matthew Newton
mcn4 at leicester.ac.uk
Tue Feb 25 18:03:24 CET 2014
On Tue, Feb 25, 2014 at 04:39:55PM +0000, Arran Cudbard-Bell wrote:
>
> On 25 Feb 2014, at 14:54, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
>
> > On Tue, Feb 25, 2014 at 12:05:10PM +0100, Gianni Costanzi wrote:
> >> Tue Feb 25 11:36:49 2014 : Auth: [unix] invalid password "wrongPassword"
> >>
> >> Is it possible to tell the unix module not to log passwords? We already
> >
> > In v3 the invalid password logging has gone away, so if you
> > upgrade then you should be OK.
>
> * Is only displayed and debug level 3.
Debug logs, yeah. I thought he was talking about
/var/log/freeradius/radiusd.log
v3 is the way to go, anyhow.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list