[tac_plus] Full AAA logging / supported configuration
Sean
spedersen.lists at gmail.com
Tue Sep 13 13:22:10 UTC 2016
So the logging occurs once it’s been decrypted. Is there a way to always ensure sensitive data that can be logged during debug, such as the password of the end-user, is encrypted? Or at least omitted?
I don’t like the idea that someone else with sudo / root can sniff someone else’s passwords in clear text. ☹
On 9/12/16, 4:41 PM, "heasley" <heas at shrubbery.net> wrote:
Mon, Sep 12, 2016 at 03:03:49PM -0700, Sean:
> Then I misspoke. I thought the key was used for authentication; I didn’t realize it was also being used to encrypt the packets.
>
> I’ve got a key configured and in use, but the password(s) were still being logged via `-d 256` in cleartext in /var/log/tac_plus.log when it was running with that level of debugging enabled.
only data on the wire in encrupted
More information about the tac_plus
mailing list