FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
GNU General Public License v2.0

pam_radius_auth logs passwords in plain text. #48

Closed jscarville closed 3 years ago

jscarville commented 3 years ago

I am trying to get Okta to work with OpenSSH using their RADIUS agent. As part of this, I turned on the debug function for pam_radius_auth on a test server and discovered that it logs the password in the clear.

I am using version 1.4.0 in case this feature has been fixed.

alandekok commented 3 years ago

If the server logged passwords in normal mode, that would be an issue. But for debug mode, this is what's supposed to happen.
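
An added example, not part of the issue thread or the pam_radius project's code: because debug mode logs the password, this Python check lists PAM service lines where pam_radius_auth is loaded with the `debug` argument. It assumes the `/etc/pam.d` file layout, and the sample configuration is constructed.

```python
import re
from pathlib import Path

MODULE = "pam_radius_auth"                  # module named in the issue
TOKEN = re.compile(r"\[[^\]]*\]|\S+")       # keeps "[success=1 default=ignore]" whole

# Constructed sample in /etc/pam.d format (not taken from the issue).
SAMPLE = """\
# sshd service (constructed sample)
auth      required  pam_radius_auth.so debug
auth      [success=1 default=ignore]  /lib/security/pam_radius_auth.so \\
          conf=/etc/raddb/server debug
#auth     required  pam_radius_auth.so debug
account   required  pam_unix.so debug
password  required  pam_radius_auth.so
"""

def logical_lines(text):
    """Yield (first_line_no, line) with comments dropped and '\\' continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines() + [""], 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        joined, buf = (buf + line).split("#", 1)[0].strip(), ""
        if joined:
            yield start, joined

def debug_enabled(text):
    """Return [(line_no, pam_type, args)] for MODULE lines whose args include 'debug'."""
    hits = []
    for no, line in logical_lines(text):
        tokens = TOKEN.findall(line)
        for i, tok in enumerate(tokens):
            if Path(tok).name.split(".")[0] == MODULE:
                if "debug" in tokens[i + 1:]:
                    hits.append((no, tokens[0].lstrip("-"), tokens[i + 1:]))
                break
    return hits

if __name__ == "__main__":
    for path in sorted(Path("/etc/pam.d").glob("*")):
        if path.is_file():
            for no, typ, args in debug_enabled(path.read_text(errors="replace")):
                print(f"{path}:{no}: {typ} {MODULE} {' '.join(args)}")
```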