[RADIATOR] Hiding the LDAP Password attribute on Trace level 4 [SEC=UNCLASSIFIED]

Keith Morrell KeithMorrell at nbnco.com.au
Sun Oct 12 18:38:34 CDT 2014


UNCLASSIFIED
Yes, ideal solution. 

I agree DEBUG should show all...but having the passwords in clear text in the logs is generally undesirable.

Thanks Hugh.

-Keith


-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Monday, 13 October 2014 10:35 AM
To: Keith Morrell
Cc: Alan Buxey; Vangelis Kyriakakis; Radiator
Subject: Re: [RADIATOR] Hiding the LDAP Password attribute on Trace level 4 [SEC=UNCLASSIFIED]


Hi all -

We discussed this at length many times over the years and our decision was always that "DEBUG" meant show everything that is going on, otherwise debugging is very hard.

I suppose we could consider two levels: "DEBUG" as it is now, and "DEBUGWITHOUTPASSWORDS" with passwords obscured.

Thoughts?

regards

Hugh


On 13 Oct 2014, at 08:57, Keith Morrell <KeithMorrell at nbnco.com.au> wrote:

> UNCLASSIFIED
> 
> We use debug level 4 on all our subprocesses (we use radiator proxies for front ends) to gather detailed data about what's going on - it's just the way we like it.
>  
> Personally, I think showing any passwords in clear text in logs is 
> generally not a good idea...
>  
> -Keith
>  
>  
> From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
> Sent: Monday, 13 October 2014 8:49 AM
> To: Keith Morrell; Vangelis Kyriakakis; Radiator
> Subject: Re: [RADIATOR] Hiding the LDAP Password attribute on Trace 
> level 4 [SEC=UNCLASSIFIED]
>  
> Why would you be running in this mode? Surely only debug level that 
> high for debugging? And how could you be sure that the issue wasn't due 
> to incorrect password? ;)
> 
> alan
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.


