[RADIATOR] Hiding the LDAP Password attribute on Trace level 4 [SEC=UNCLASSIFIED]
Hugh Irvine
hugh at open.com.au
Sun Oct 12 18:34:37 CDT 2014
Hi all -
We discussed this at length many times over the years and our decision was always that “DEBUG” meant show everything that is going on, otherwise debugging is very hard.
I suppose we could consider two levels: “DEBUG” as it is now, and “DEBUGWITHOUTPASSWORDS” with passwords obscured.
Thoughts?
regards
Hugh
On 13 Oct 2014, at 08:57, Keith Morrell <KeithMorrell at nbnco.com.au> wrote:
> UNCLASSIFIED
>
> We use debug level 4 on all our subprocesses (we use radiator proxies for front ends) to gather detailed data about what’s going on – it’s just the way we like it.
>
> Personally, I think showing any passwords in clear text in logs is generally not a good idea…
>
> -Keith
>
>
> From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
> Sent: Monday, 13 October 2014 8:49 AM
> To: Keith Morrell; Vangelis Kyriakakis; Radiator
> Subject: Re: [RADIATOR] Hiding the LDAP Password attribute on Trace level 4 [SEC=UNCLASSIFIED]
>
> Why would you be running in this mode? Surely only debug level that high for debugging? And how could you be sure that the issue want due to incorrect password? ;)
>
> alan
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list