Let me start by saying that I appreciate the amount of time and effort you and others expend toward maintaining FreeRadius, answering countless/repetitive "my thing don't work, what's wrong" and "how do I..." questions, and responding to seemingly ridiculous enhancement requests *g* from people like me. You have certainly provided me information that was helpful to me in getting FreeRadius working. Thank you for sharing your time and knowledge Alan.
> The whole purpose of debugging mode is to print out what the server
> is doing. Hiding information is a guaranteed way to create problems.

I agree with you 100% that having the server show what it is doing is very helpful when troubleshooting problems. Can you help me understand how displaying the plaintext password tells me what the server is doing? Even though the password is hidden by encryption in many other protocols, it is possible to properly configure and troubleshoot FreeRadius for these protocols. Are you saying you don't see any value in having the option to hide secret information? I freely admit that I'm fairly new to FreeRadius and this list, but I bet it's atypical that the actual value of the password (not whether the attribute is present) is necessary for non-FreeRadius developers to troubleshoot server problems. If you disagree, can you help enlighten me?

> a) Why is it a security exposure? You haven't explained.

Security exposure is perhaps the wrong term. I believe it increases the risk of user account compromise with little or no benefit to the administrator. Displaying the password while troubleshooting our FreeRadius deployment did not help me solve any problems. I'm open to the idea that it might help some people solve problems. But, if it's not normally needed and it's secret information, why not give administrators the option to suppress it (as the detail module does)?

> You're really saying that it's a security exposure to show passwords
> to the administrator who has permission to stop and start the server?

What I'm saying is that displaying plaintext passwords and/or potentially storing them unencrypted on electronic media (e.g., redirected output from FreeRadius that is stored on disk and in backups) increases the risk of user account compromise. Also, being a FreeRadius administrator does not imply that you are an administrator of the backend user database. I'm not sure I understand the relevance of having permission to stop and start the server.

> b) If the default is changed to not show the passwords, are *you*
> going to answer umpteen questions on this list about "why does the
> password show up as ***"?

That's an excellent point - I could easily see that outcome. Would you feel differently if the mask was different (e.g., "<password hidden by config. option>")? What if the default was to show the passwords so the server acts the same as it does now unless the administrator goes out of their way to change it?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
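A defender-side workaround for the concern raised in the message above (redirected debug output landing on disk and in backups), added here as an example and not code from the FreeRADIUS project or from anyone in the thread: a filter that masks the values of password-carrying attributes in captured debug output before it is stored. The attribute list, the mask text, the operator handling and the sample debug lines are assumptions constructed for this example.

```python
import re
import sys

# Attributes whose values should never reach a stored debug log.
# Assumed list for this example; extend it to match your deployment.
SENSITIVE_ATTRS = ("User-Password", "CHAP-Password", "Cleartext-Password")

# Mask text borrowed from the suggestion in the message above.
MASK = "<password hidden by config. option>"

# Matches   User-Password = "s3cr3t"   or   User-Password := "pa\"ss"
# Value is a double-quoted string (with backslash escapes) or a bare token.
_PATTERN = re.compile(
    r'(?P<attr>' + "|".join(re.escape(a) for a in SENSITIVE_ATTRS) + r')'
    r'(?P<op>\s*[:+!=<>]?=\s*)'
    r'(?P<val>"(?:[^"\\\n]|\\.)*"|\S+)'
)

# Constructed sample resembling radiusd -X output (not a real capture).
SAMPLE_DEBUG = (
    'rad_recv: Access-Request packet from host 192.0.2.10 port 1812, id=5, length=58\n'
    '\tUser-Name = "alice"\n'
    '\tUser-Password = "s3cr3t"\n'
    '\tNAS-IP-Address = 192.0.2.10\n'
)


def _mask(m: re.Match) -> str:
    # Keep attribute name and operator; replace only the value.
    return f'{m.group("attr")}{m.group("op")}"{MASK}"'


def redact_line(line: str) -> str:
    """Mask sensitive attribute values on a single debug line."""
    return _PATTERN.sub(_mask, line)


def redact_debug_output(text: str) -> tuple[str, int]:
    """Mask a whole capture; return (scrubbed text, number of values masked)."""
    return _PATTERN.subn(_mask, text)


if __name__ == "__main__":
    # Usage:  radiusd -X | python redact.py > debug.log
    scrubbed, n = redact_debug_output(sys.stdin.read())
    sys.stdout.write(scrubbed)
    print(f"[redact.py] masked {n} password value(s)", file=sys.stderr)
```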

