(RADIATOR) Syslog and cleartext password
R.H.Hoek
r.h.hoek at utwente.nl
Wed Oct 27 07:21:22 CDT 2004
Dear Sir / madam,
With <Log SQL> work like a charm we have a 'problem' with the clear text
passwords in the logging. Not only with <Log SQL> but also with the
normal LogFile when trace is set to 4.
The problem is that we want to collect all logging on a central
logserver. On this server we want to do a lot accounting and
(problem)analysis. With all user-passwd in this Database this is a
potential security problem. This also applies to the local LogFile.
It would be nice when you can set a (global) option to 'asterisks' a
passwd in the logging. Or is there another way to to this?
.....
Wed Oct 27 13:59:20 2004: DEBUG: Response type 21
Wed Oct 27 13:59:20 2004: DEBUG: EAP TTLS data, 3, 8, 7
Wed Oct 27 13:59:20 2004: DEBUG: EAP TTLS inner authentication request
for m7642037 at utwente.nl
Wed Oct 27 13:59:20 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <199><23><170><12><243><205><185>?o#<28><197>3w<196><17>
Attributes:
User-Name = "m7642037 at utwente.nl"
User-Password = "heelgeheim"
Wed Oct 27 13:59:20 2004: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUT-ID$/'
Wed Oct 27 13:59:20 2004: DEBUG: Rewrote user name to m7642037
Wed Oct 27 13:59:20 2004: DEBUG: Rewrote user name to m7642037
........
--
Greetings,
Roel H.Hoek, SeniorNetworkmanager
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
kmr SP 422, telefoon: 053 - 489 4598, fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list