Hashing of Debug Log Passwords
Alan DeKok
aland at deployingradius.com
Tue Nov 5 18:57:50 UTC 2024
On Nov 5, 2024, at 5:15 PM, FreeRAD <yetifreerad at gmail.com> wrote:
> I've hashed the passwords in my DB and made it so that the RADIUS server,
> a) uses the hashed passwords b) doesn't store the cleartext passwords in
> the 'radpostauth' table. Think I know the answer to this already but is it
> possible to hash/hide the passwords being seen in the debug logs (e.g.
> freeradius -X)?
Not really, no.
> Pretty sure this is a no since the server needs to see the password at some
> point but thought I would ask.
We've made this more configurable in v4, but at some point seeing the passwords helps a *lot* for debugging.
Alan DeKok.
More information about the Freeradius-Users
mailing list