Matt Ashfield wrote: > The issue we have is when running the Radius server in debug mode with full > log-level, we see the cilent's username and password in clear-text as it > attempts to bind to the LDAP server.
That is really the whole purpose of debug mode. You see the users password not only there, but in the attributes when the RADIUS request is printed out, too. Debugging mode has little purpose without that information. > Certainly we could change the debug > mode level to not see this, but the fact that the ability to see that is > available is troubling. I'm sure many others on this list use FreeRadius and > I'm wondering what sort of policies you have in place to address this > security risk. Anyone with high-level access to the box could certainly > login, make a change to the debug level and capture sensitive login > information. I'm not sure where the problem is. Administrators of the radius server can log in and edit the RADIUS server configuration? Is this really what you're worried about? The short answer is that anyone who can write to the servers configuration, or even read the shared secrets in the "clients" file can snoop on the passwords. There's no way to prevent that without also preventing the server from running. Most of the problem can be solved by ensuring that only selected users have read access to the configuration files. Obviously, "root" has access, and at most one other user, say "radius-admin", with group "radiusd". The files should be owned by "radius-admin", writable by that user. The files should be in group "radiusd", and readable (but NOT writable) by that group. No on else should have read or write access to the configuration files. And the server should run as user "radiusd", group "radiusd". This is covered in my book in more detail. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html