Re: Capturing "entered" passwords.
Randall Gellens wrote: At 1:43 PM -0400 6/2/05, Drew Weaver wrote: In FreeRadius there is a mechanism to capture what passwords the users enter in order to troubleshoot their connectivity. (you can set it to log successful authentications, unsuccessful authentications, or both) and it will actually log what password the client is sending to the server. This is useful for multiple reasons. Is there any way to do this in qpopper? Useful, but also a security risk, and also for multiple reasons. The only way to get Qpopper to log passwords would be to comment out the line that replaces the password with "x" before logging, then recompile. Safer to `ngrep -l -q -w 'USER|PASS' port 110` for a few seconds IF these are unencrypted sessions. Ken A Pacific.Net
Re: Capturing "entered" passwords.
At 1:43 PM -0400 6/2/05, Drew Weaver wrote: In FreeRadius there is a mechanism to capture what passwords the users enter in order to troubleshoot their connectivity. (you can set it to log successful authentications, unsuccessful authentications, or both) and it will actually log what password the client is sending to the server. This is useful for multiple reasons. Is there any way to do this in qpopper? Useful, but also a security risk, and also for multiple reasons. The only way to get Qpopper to log passwords would be to comment out the line that replaces the password with "x" before logging, then recompile. -- Randall Gellens Opinions are personal;facts are suspect;I speak for myself only -- Randomly-selected tag: --- Once a job is fouled up, anything done to improve it only makes it worse.
Capturing "entered" passwords.
In FreeRadius there is a mechanism to capture what passwords the users enter in order to troubleshoot their connectivity. (you can set it to log successful authentications, unsuccessful authentications, or both) and it will actually log what password the client is sending to the server. This is useful for multiple reasons. Is there any way to do this in qpopper? Thanks, -Drew
