Alexander Clouter wrote: > Is there a plan to add to FreeRADIUS a debug output mangling option? So > things like Cleartext-Password and User-Password are obscured.
Send a patch. ;) > For example, you get the user to run FreeRADIUS with '-XO', then just > before printing to the screen the value of the 'secret' attributes are > md5'd and the hashes are shown instead (should be a constant, unless > there is actually a mismatch). Of course you could have a '-o > attr1,attr2' to protect other attributes at runtime too. The problem is that it's hard to do. The passwords can be used in multiple places, so knowing *when* to mangle them is awkward. We could do a few simple things like not print client secrets or User-Passwords from the received packets. But anything past that quickly becomes very, very, difficult. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html