Debug show cleartext password
Hi All i am getting a problem on Freeradius installed on CentOS. When i set the service Radiusd in debug mode and send an access request (default type PAP) through Radtest the debug show the password in cleartext. Is there an option to do not show the fiedl User-Password in cleartext? Many Thanks Marco Aresu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debug show cleartext password
On 11 Sep 2013, at 07:52, Marco Aresu marcoar...@gmail.com wrote: Hi All i am getting a problem on Freeradius installed on CentOS. When i set the service Radiusd in debug mode and send an access request (default type PAP) through Radtest the debug show the password in cleartext. Is there an option to do not show the fiedl User-Password in cleartext? no. I guess we should do something with it to make it FIPS compliant but it's not a big priority. You're welcome to submit a patch. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debug show cleartext password
Hi, i am getting a problem on Freeradius installed on CentOS. When i set the service Radiusd in debug mode and send an access request (default type PAP) through Radtest the debug show the password in cleartext. Is there an option to do not show the fiedl User-Password in cleartext? debug shows all. the RADIUS server knows all. the point of debug is to debug..and you might have eg incorrect password. this question is asked frequently - a quick look at mailing list history would show you.and the answer is no. dont run in debug if you dont want to see debug. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debug show cleartext password
Hi, no. I guess we should do something with it to make it FIPS compliant but it's not a big priority. You're welcome to submit a patch. ..you mean sniffable by NSA? it passes that requirement already ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debug show cleartext password
On 11 Sep 2013, at 08:43, a.l.m.bu...@lboro.ac.uk wrote: Hi, i am getting a problem on Freeradius installed on CentOS. When i set the service Radiusd in debug mode and send an access request (default type PAP) through Radtest the debug show the password in cleartext. Is there an option to do not show the fiedl User-Password in cleartext? debug shows all. the RADIUS server knows all. the point of debug is to debug..and you might have eg incorrect password. this question is asked frequently - a quick look at mailing list history would show you.and the answer is no. dont run in debug if you dont want to see debug. Sure, but radtest should probably have a password argument where it does a secure read from stdin. FreeRADIUS shouldn't obfuscate passwords in debug, that'd be stupid. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html