Hashing of Debug Log Passwords
FreeRAD
yetifreerad at gmail.com
Wed Nov 6 09:16:58 UTC 2024
Hi Alan,
No problem, thought that might be the case. Thank you!
On Tue, Nov 5, 2024 at 6:58 PM Alan DeKok <aland at deployingradius.com> wrote:
> On Nov 5, 2024, at 5:15 PM, FreeRAD <yetifreerad at gmail.com> wrote:
> > I've hashed the passwords in my DB and made it so that the RADIUS server,
> > a) uses the hashed passwords b) doesn't store the cleartext passwords in
> > the 'radpostauth' table. Think I know the answer to this already but is
> it
> > possible to hash/hide the passwords being seen in the debug logs (e.g.
> > freeradius -X)?
>
> Not really, no.
>
> > Pretty sure this is a no since the server needs to see the password at
> some
> > point but thought I would ask.
>
> We've made this more configurable in v4, but at some point seeing the
> passwords helps a *lot* for debugging.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list