(RADIATOR) Syslog and cleartext password

R.H.Hoek r.h.hoek at utwente.nl
Wed Oct 27 07:21:22 CDT 2004


Dear Sir / madam,

With <Log SQL> work like a charm we have a 'problem' with the clear text 
passwords in the logging. Not only with <Log SQL> but also with the 
normal LogFile when trace is set to 4.
The problem is that we want to collect all logging on a central 
logserver. On this server we want to do a lot accounting and 
(problem)analysis. With all user-passwd in this Database this is a 
potential security problem. This also applies to the local LogFile.

It would be nice when you can set a (global) option to 'asterisks' a 
passwd in the logging. Or is there another way to to this?

.....
Wed Oct 27 13:59:20 2004: DEBUG: Response type 21
Wed Oct 27 13:59:20 2004: DEBUG: EAP TTLS data, 3, 8, 7
Wed Oct 27 13:59:20 2004: DEBUG: EAP TTLS inner authentication request 
for m7642037 at utwente.nl
Wed Oct 27 13:59:20 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <199><23><170><12><243><205><185>?o#<28><197>3w<196><17>
Attributes:
         User-Name = "m7642037 at utwente.nl"
         User-Password = "heelgeheim"

Wed Oct 27 13:59:20 2004: DEBUG: Handling request with Handler 
'Realm=utwente.nl, Client-Identifier=/^WLANATUT-ID$/'
Wed Oct 27 13:59:20 2004: DEBUG: Rewrote user name to m7642037
Wed Oct 27 13:59:20 2004: DEBUG: Rewrote user name to m7642037
........


-- 

Greetings,

Roel H.Hoek, SeniorNetworkmanager
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
kmr SP 422, telefoon: 053 - 489 4598,  fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list