(RADIATOR) Patch to hide user password when using tacacs+ and trace 4,5
Bjoern A. Zeeb
bz-lists at cksoft.de
Sun Mar 9 15:46:38 CST 2008
On Sun, 9 Mar 2008, Markus Moeller wrote:
Hi,
> The User-Password attribute is encoded when Radius is used and the logging with trace 4 or 5 does not reveal the password.
You mean the password is not revealed because it is "mangled/obfuscated"?
You know the authenticator, you know the secret thus you know the
plaintext password when looking at your tracelevel 4 logs.
If you say, but if joe random on that machine sees the logs he doesn't
know the secret, then it's a matter of the ownership/permissions of
your logfiles as it would be of your radius configuration.
A tracelevel > 3 is there for aiding in debugging and it's pretty
obvious that you can get a lot of information that way to find a
problem. That's how the system is designed to work.
just my 2cts.
--
Dipl. Ing. (BA) Bjoern A. Zeeb Research & Development
CK Software GmbH http://www.cksoft.de/
Schwarzwaldstr. 31 Phone: +49 7452 889 135
D-71131 Jettingen Fax: +49 7452 889 136
HRB245288, Amtsgericht Stuttgart Geschaeftsfuehrer: Christian Kratzer