Walter Reynolds wrote:

I am currently running freeradius 1.0.4. I have the following line set:

log_auth_goodpass = no

I am also using krb5 module under PAM.

The problem I am having is while I do not get the User-Password in the <NAS>/auth-detail log, it does show up in the 127.0.0.1/auth-detail file.

I have tried to search the archive and feel I must be missing something. Can someone please help me figure out what is going on? I want logs and details, just not the user passwords.

I think you're missing the point. That's what that is supposed to do. The default config has this (commented out):

# detail auth_log {
    # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
    #
    #  This MUST be 0600, otherwise anyone can read
    #  the users passwords!
    # detailperm = 0600
# }

...and:

authorize {
  # auth_log
}

That stanza will log the radius Access-Request, so of course the password will always be in it. There's nothing you can do about this except don't use that stanza.


Thanks.

-- Walter Reynolds
   University of Michigan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
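
An audit check for the situation discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: it reports which auth-detail files hold User-Password lines and whether each one is readable beyond its owner. The file names follow the detailfile pattern quoted above; the function names, the sample directory tree and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FreeRADIUS code). Assumes detail files are named
# auth-detail* and store one tab-indented 'Name = value' attribute per line.

# Print "<status> <password-lines> <path>" for every auth-detail file under $1.
#   EXPOSED  contains User-Password and grants some group/other permission
#   PRIVATE  contains User-Password but is owner-only (e.g. detailperm = 0600)
#   CLEAN    contains no User-Password line
audit_detail() {
    find "$1" -type f -name 'auth-detail*' | sort | while IFS= read -r f; do
        # grep -c exits 1 on zero matches but still prints 0
        n=$(grep -c '^[[:space:]]*User-Password = ' "$f" || true)
        # characters 5-10 of the ls mode string are the group and other bits
        other=$(ls -ld "$f" | cut -c5-10)
        if [ "$n" -eq 0 ]; then
            s=CLEAN
        elif [ "$other" = "------" ]; then
            s=PRIVATE
        else
            s=EXPOSED
        fi
        printf '%s %s %s\n' "$s" "$n" "$f"
    done
}

# Build a constructed sample tree under $1 (all names and values are made up).
make_sample() {
    mkdir -p "$1/127.0.0.1" "$1/192.0.2.10"
    printf 'Mon Jan  3 10:00:00 2005\n\tUser-Name = "alice"\n\tUser-Password = "constructed"\n\n' \
        > "$1/127.0.0.1/auth-detail-20050103"
    cp "$1/127.0.0.1/auth-detail-20050103" "$1/192.0.2.10/auth-detail-20050103"
    printf 'Mon Jan  3 10:00:05 2005\n\tUser-Name = "bob"\n\n' \
        > "$1/192.0.2.10/auth-detail-20050104"
    chmod 0644 "$1/127.0.0.1/auth-detail-20050103"
    chmod 0600 "$1/192.0.2.10/auth-detail-20050103" "$1/192.0.2.10/auth-detail-20050104"
}

# Stand-alone run against the constructed tree.
tmp=$(mktemp -d)
make_sample "$tmp"
audit_detail "$tmp"
rm -rf "$tmp"
```

Run against a real installation, the argument would be the directory that ${radacctdir} expands to.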
