Re: LDAP password in log files
Hi, > Is there any way to prevent FreeRadius from showing the password in > logs (debug logs) when authentication is done via LDAP? dont run in debug mode. debug mode is there for a reason - to debug problems. verify if things like passwords are correct. look at the mailing list archive - this question comes up each month. if you dont want passwords to be printed, edit the source code to change the function. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP password in log files
On 09/30/2013 02:45 PM, Matthew Ceroni wrote: > Is there any way to prevent FreeRadius from showing the password in > logs (debug logs) when authentication is done via LDAP? > > Current I see : > > rad_recv: Access-Request packet from host 192.168.100.2 port 31011, > id=13, length=129 > User-Name = "username" > User-Password = "XX" > NAS-IP-Address = 192.168.100.2 > NAS-Port = 268 > NAS-Port-Type = Virtual > Cisco-AVPair = "ip:source-ip=192.168.21.145" > Calling-Station-Id = "ip:source-ip=192.168.21.145" > > Plus it will show it in other spots as well (accounting section, etc). Please try to search the list archives before asking questions. This has been answered multiple times. Short answer is no, the debug output is meant for debugging ONLY and during debugging it's vital to be able to see the actual data in use. -- John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP password in log files
Is there any way to prevent FreeRadius from showing the password in logs (debug logs) when authentication is done via LDAP? Current I see : rad_recv: Access-Request packet from host 192.168.100.2 port 31011, id=13, length=129 User-Name = "username" User-Password = "XX" NAS-IP-Address = 192.168.100.2 NAS-Port = 268 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=192.168.21.145" Calling-Station-Id = "ip:source-ip=192.168.21.145" Plus it will show it in other spots as well (accounting section, etc). Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html