[RADIATOR] (RADIATOR) Patch to hide user password when using tacacs+ and trace 4, 5

Markus Moeller huaraz at moeller.plus.com
Tue Jan 13 17:57:17 CST 2009


I still would like to see the password hidden during debug.  What would 
convince you to include it?

Thank you
Markus

----- Original Message ----- 
From: "Markus Moeller" <huaraz at moeller.plus.com>
To: "Bjoern A. Zeeb" <bz-lists at cksoft.de>
Cc: <radiator at open.com.au>
Sent: Monday, March 10, 2008 1:11 AM
Subject: Re: (RADIATOR) Patch to hide user password when using tacacs+ and 
trace 4,5


>> On Sun, 9 Mar 2008, Markus Moeller wrote:
>>
>> Hi,
>>
>>> The User-Password attribute is encoded when Radius is used and the 
>>> logging with trace 4 or 5 does not reveal the password.
>>
>> You mean the password is not revealed because it is "mangled/obfuscated"?
>>
>
> Yes
>
>> You know the authenticator, you know the secret thus you know the
>> plaintext password when looking at your tracelevel 4 logs.
>>
>
> I also forward messages with syslog to a central syslog server for 
> monitoring (although usually not with trace 4,5 but can happen when 
> debugging)
>
>> If you say, but if joe random on that machine sees the logs he doesn't
>> know the secret, then it's a matter of the ownership/permissions of
>> your logfiles as it would be of your radius configuration.
>>
>
> I may have logfiles readable for operators but not the clients file with 
> the secrets
>
>> A tracelevel > 3 is there for aiding in debugging and it's pretty
>> obvious that you can get a lot of information that way to find a
>> problem.  That's how the system is designed to work.
>>
>
> True, but for example the radius code has also a section commented to not 
> log the cleartext password.
>
>>
>> just my 2cts.
>>
>
> Thank you
> Markus
>
>> -- 
>> Dipl. Ing. (BA) Bjoern A. Zeeb          Research & Development
>> CK Software GmbH                        http://www.cksoft.de/
>> Schwarzwaldstr. 31                      Phone: +49 7452 889 135
>> D-71131 Jettingen                       Fax: +49 7452 889 136
>> HRB245288, Amtsgericht Stuttgart        Geschaeftsfuehrer: Christian 
>> Kratzer
>>
>
>
> 
