Hi, > Is there a plan to add to FreeRADIUS a debug output mangling option? So > things like Cleartext-Password and User-Password are obscured. > > For example, you get the user to run FreeRADIUS with '-XO', then just > before printing to the screen the value of the 'secret' attributes are > md5'd and the hashes are shown instead (should be a constant, unless > there is actually a mismatch). Of course you could have a '-o > attr1,attr2' to protect other attributes at runtime too. > > Only something to add to the wishlist. :)
agreed - yes, understand that debug mode should show ervything - because then you can prove the password is wrong etc etc.... but if that debug is then being put somewhere is needs to be obfuscated or <removed> - heck, even just replaced with the word PASSWORD (and hope some people arent that dumb! ;-) ) - likewise any other 'sensitive' data. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
